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Offshore’s  Rise  Is  Relentless 


Issue  is  a  sensitive  one 
for  execs,  who  say  cost 
outweighs  controversy 


BY  PATRICK  THIBODEAU 
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OUTSOURCING 

WATCH 


Offshore 
outsourcing 
is  so  main¬ 
stream  that 
by  next  year,  more  than  80%  of 
U.S.  companies  will  have  had 
high-level  discussions  about 
the  topic.  And  40%  will  have 
completed  some  kind  of  pilot 
program  or  will  be  using  near¬ 
shore  or  offshore  services. 

Despite  that  assessment, 
made  by  Gartner  Inc.  at  an 
outsourcing  conference  here 
last  week,  offshore  outsourc¬ 
ing  remains  a  difficult  issue  for 
executives  to  talk  about.  In 


fact,  many  attendees  were  skit¬ 
tish  about  responding  to  ques¬ 
tions  for  this  article,  except  in 
the  most  general  terms. 

Corporate  officials  did,  how¬ 
ever,  acknowledge  trends  re¬ 
lated  to  the  politically  charged 
issue.  For  instance,  BP  PLC  in 
London  is  discussing  offshore 
work  with  its  existing  out¬ 
sourcers,  IBM  and  Accenture 
Ltd.  “They  are  offering  us  an 
opportunity  to  have  consistent 
performance  at  a  lower  cost,” 
said  Russell  Taruscio,  down¬ 
stream  chief  financial  officer 
at  the  oil  company. 

Adding  offshore  compo¬ 
nents  to  outsourcing  contracts 
is  on  the  rise,  according  to 
IDC.  In  a  report  last  week,  the 
Framingham,  Mass.,  research 
firm  said  offshore  outsourcing 
Outsourcing,  page  16 
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■  Soft  suite,  converting 
to  a  three-tier  Web 

architecture,  scrapping  Unix  servers  in 
favor  of  Windows  servers  and  replacing 
its  database  software  -  all  at  the  same 
time.  Gary  H.  Anthes  reports  on  this 
complex  IT  overhaul,  which  is  already 
saving  millions  of  dollars.  Page  25 


Regulatory  Requirements 
Place  New  Burdens  on  IT 


Calif,  privacy  law  to 
debut;  panic  emerging 

BY  DAN  VERTON 

Costly  legal  battles  and  knee- 
jerk  decisions  on  security  are 
threatening  to  disrupt  compa¬ 
nies  that  do  business  with  Cal¬ 
ifornia  residents. 

Tomorrow,  a  state  pri¬ 
vacy  law  with  nationwide 
reach  takes  effect.  Securi¬ 
ty  and  legal  experts  pre¬ 
dict  that  the  law  will  burden 
companies  with  massive  class- 
action  lawsuits  and  could 
change  the  way  corporations 
approach  wireless  technology 
Privacy  Law,  page  53 


Damien  Bean,  vice  president  of 
corporate  systems  at  Hilton 


U.S.  firms  scramble  to 
comply  with  EU  tax 

BY  MATT  HAMBLEN 

The  European  Union’s  15 
member  nations  tomorrow 
will  begin  imposing  a  value- 
added  tax  on  digital  sales  to 
residents  by  non-European 
companies,  a  plan  that 
has  forced  many  U.S. 
businesses  to  undertake 
months  of  legal  and  tech¬ 
nical  preparations. 

Complicating  matters  is  the 
fact  that  the  VAT  varies  from 
country  to  country,  ranging 
from  15%  in  Luxembourg  to 
25%  in  Denmark  and  Sweden. 
As  a  result,  some  U.S.  compa¬ 
nies  have  had  to  choose  be¬ 
tween  two  costly  alternatives: 
updating  their  e-commerce 
systems  to  track  sales  and  ini¬ 
tiate  VAT  payments  at  the  var¬ 
ious  rates,  or  setting  up  new 
operations  in  one  of  the  mem¬ 
ber  countries  so  they  can  ap¬ 
ply  its  tax  rate  to  all  digital 
sales  throughout  the  EU. 


But  it’s  unclear  when 
vendors  will  adopt 
Version  1.2  of  protocol 

BY  CAROL  SLIWA 

When  Motor  Coach  Industries 
Inc.  launched  its  maiden  Web 
services  last  year,  some  mes¬ 
sages  didn’t  go  through,  and 
others  reached  their  destina¬ 
tions  only  in  partial  form. 

John  Morrison,  CIO  at  the 
Schaumburg,  Ill.,  bus  manu¬ 
facturer,  said  it  took  three  to 
four  weeks  to  trace  the  prob- 


Items  Subject  to  the 
European  Union’s 
New  VAT 

*  Software  downloads 

■  Web  hosting 

■  Online  databases 

*  E-learning  technology 

*  Electronic  images 
»  Newsservices 

*  Music  downloads 


“It’s  one  more  onerous 
process  forced  on  people  try¬ 
ing  to  do  Internet  e-com- 
merce,”  said  Joel  Ronning, 

CEO  of  Digital  River  Inc.,  an 
Eden  Prairie,  Minn.-based 
company  that  develops  and 
manages  e-commerce  Web 
sites  for  businesses.  “It’s  turn¬ 
ing  into  a  mess.” 

Digital  River,  whose  clients 
include  Motorola  Inc.,  3M  Co. 
and  Staples  Inc.,  has  spent 
“millions  of  dollars”  to  get 
ready  for  the  VAT,  Ronning 
said.  As  part  of  its  prepara- 

European  VAT,  page  53 


lem  to  differing  implementa¬ 
tions  of  SOAP  from  vendors  of 
Web  services  tools. 

“One  vendor  would  say, 
‘You’ve  got  to  do  it  this  way.’ 
Another  vendor  would  say, 
‘This  is  the  way  we  do  it,’  ” 
recalled  Morrison.  “It  boiled 
down  to  a  noncomplete  set  of 
standards  that  everyone  was 
implementing  differently.” 

That  should  change  at  some 
point,  although  it’s  unclear 
when.  The  World  Wide  Web 
Consortium  announced  last 

SOAP,  page  16 


W3C  Cleans  Up  SOAP  Standard 


Brain  triggers  rush  of  endorphins  to  help  prevent  panic 


IBM.  the  e-business  logo.  eServer  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux  is  a  registered  trademark  of 
Ijnus  Torvalds.  Windows  is  a  trademark  ot  Microsoft  Corporation  in  the  United  States,  other  countries,  or  both.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the 
United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 


The  human  body  can  anticipate  problems  on  demand.  As  can  IBM 
eServer.  Select  eServer  xSeries™  models  are  designed  to  sense  when 
any  one  of  six  system  components  exceeds  a  safe  threshold.  They 
respond  by  notifying  the  system  administrator,  allowing  you  to  replace 
a  part  up  to  48  hours  before  it  fails. 

eServer:  servers  for  on  demand  business. 

Can  you  see  it?  See  it  at  ibm.com/eserver/ondemand 
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We've  been  listening  to  what  you,  our  customers,  have  to  say  about  the  way  the  software  industry 
does  business.  And  frankly,  some  of  it  couldn't  be  repeated  in  print.  You've  been  frustrated 
by  long-term  agreements.  You've  been  disenchanted  by  the  lack  of  options  when  it  comes  to 
software  licensing.  And,  most  of  all,  you've  been  annoyed  that  no  one's  been  listening  to  any 
of  your  complaints. 

Well,  we  want  you  to  know  that  we  hear  you,  and  we've  been  doing  everything  we  can  to  change 
the  way  we  do  business  with  you.  Recently,  we've  revolutionized  the  industry  by  being  the  first 
to  introduce  flexible  licensing  contracts.  With  FlexSelect  Licensing",  you  can  now  get  software 
on  your  terms,  not  ours.  We  offer  short-term  or  long-term  licensing  agreements,  so  you  can 
choose  your  commitment  based  on  your  needs.  Of  course,  if  you  prefer  more  traditional  long¬ 
term  licensing,  it's  still  available.  And  we  offer  payment  plans  that  fit  the  way  you  work,  not 
the  other  way  around. 


Flexible  software  licensing  is  about  choice. 

It's  about  control. 

It's  about  time. 


9 


We've  heard  back  from  many  of  our  customers  and  they're  thrilled  with  the  changes.  From  global 
Fortune  500®  companies  to  smaller  organizations,  the  response  has  been  overwhelmingly 
positive.  Some  of  the  comments  we've  received  include  "flexible  licensing  is  a  tremendous  tool," 
"a  huge  win  for  CA  customers"  and  "clearly  demonstrates  that  CA  is  an  extremely  innovative, 
flexible  and  customer-focused  company." 

But  the  changes  don't  stop  with  flexible  licensing.  That's  just  one  part  of  our  renewed  focus 
on  you,  our  customers.  We've  also  increased  our  responsiveness  to  your  needs.  And  we've  even 
increased  our  focus  on  internal  research  and  development,  furthering  our  commitment  to 
creating  the  most  innovative  business  software  solutions  in  the  market. 

Innovations  in  licensing,  increased  customer  responsiveness  and  product  development  are  just 
a  few  more  ways  we're  staying  well  ahead  of  the  rest  of  the  pack  in  the  software  industry.  Contact 
us  at  ca.com/flexselect  today  to  find  out  more.  We  think  you'll  be  pleased  with  what  you  see. 
If  not,  let  us  know.  And  we'll  do  something  about  it. 


FlexSelect  Licensing” 


Computer  Associates® 


©  2003  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to 
their  respective  companies. 


Another  Digit,  Another  Deadline 

In  the  Management  section:  At  U.S.  retail¬ 
ers,  IT  executives  like  Ahold’s  Ed  Gropp 
(left)  must  update  systems  to  handle 
longer  bar  codes  by  Jan.  1, 2005.  Page  35 
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EMERGING  TECHNOLOGIES 

Preventive  Medicine 

In  the  Technology  section:  Despite  the  risk  of  false  positives, 
users  and  analysts  say  intrusion-prevention  systems  are  gain¬ 
ing  traction  in  the  corporate  IT  security  perimeter.  Page  28 
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6  A  PeopleSoft  user  panel  op¬ 
poses  Oracle’s  buyout  offer. 

6  The  Homeland  Security 

Department  says  the  feds 
should  certify  that  software  is 
secure  rather  than  regulate. 

7  A  CIA-funded  start-up  read¬ 
ies  a  new  SAN  appliance. 

7  HP  expands  its  lineup  of  stor¬ 
age  and  disaster  recovery 
services. 

8  An  appeals  court  rules  that 
Microsoft  doesn’t  have  to  use 
a  Sun-endorsed  version  of 
Java  —  but  did  violate  Sun’s 
copyright. 

10  NetWare  on  Linux  will  arrive 
sooner  than  expected. 

10  Flashline  launches  a  new  re¬ 
lease  of  its  portal  product 
that’s  designed  to  help  compa¬ 
nies  manage  and  reuse  soft¬ 
ware  assets. 

12  Sarbanes-Oxley  software 
tools  keep  on  coming. 

12  Intel  hopes  its  Madison 

processor  will  spur  increased 
adoption  of  its  Itanium  chips. 

14  IBM  wins  contracts  worth  a 
total  of  $380  million  to  man¬ 
age  IT  for  three  New  York 
hospitals. 

14  Siemens  unveils  technology 
for  the  health  care  market 
that’s  designed  to  encrypt 
electronic  communications. 

18  Q&A:  Sun  exec  opposes 

making  Java  open-source. 


25  Field  Report:  Hilton  Checks 
Into  New  Suite.  Hilton  Ho¬ 
tel’s  PeopleSoft  upgrade  re¬ 
quired  re-engineering  the  data 
center  as  the  company  moved 
from  client/server  to  a  three- 
tier  Web  architecture. 

30  Q&A:  Sharing  the  Info 
Wealth.  Don  Hatcher  of  SAS 
Institute  says  his  customers 
are  looking  for  ways  to  dis¬ 
tribute  information  from  ana¬ 
lytics  across  the  business. 

31  Future  Watch:  Taming  Data 
Complexity.  A  standardized 
data  “container”  could  launch 
a  vast  peer-to-peer  repository 
of  public  data  that’s  easily  ac¬ 
cessible  in  different  formats. 

32  Security  Manager’s  Journal: 
Corporation  Caught  in  the 
Cross  Hairs.  A  focused  e-mail 
attack  causes  Vince  Tuesday 
to  wonder  if  his  company  was 
singled  out  as  a  target.  An 
investigation  allays  his  fears 
—  well,  most  of  them. 

MANAGEMENT 

38  Wanted:  Security  Tag  Team. 

IT  and  engineering  must  work 
together  to  secure  danger¬ 
ously  vulnerable  process  net¬ 
works.  Read  how  companies 
like  Du  Pont  and  Dow  Chemi¬ 
cal  are  approaching  process 
network  security. 

42  Managing  the  Temporary 
Players.  Shell  Oil  uses  a  Web- 
based  workforce  management 
system  to  reduce  the  costs 
and  headaches  of  procuring 
short-term  labor. 


8  On  the  Mark:  Mark  Hall  wan¬ 
ders  into  the  battle  of  Pocket 
PC  vs.  Palm  OS  vs.  Java  in 
handhelds  and  discovers  a 
dearth  of  developers.  And 
guess  who  makes  the  fastest 
desktop  machine.  Apple? 

20  Maryfran  Johnson  has  some 
advice  for  those  who  think  it’s 
a  lousy  time  to  start  a  big  IT 
infrastructure  project,  point¬ 
ing  to  the  success  of  world- 
famous  Hilton’s  tech  overhaul. 

20  Pimm  Fox  tells  how  pioneers 
are  taking  call  center  technol¬ 
ogy  beyond  the  obvious. 

21  Dan  Gillmor  reports  that 
Apple’s  developer  conference 
offered  limited  news  of  interest 
to  corporate  IT.  The  big  ques¬ 
tion  remains:  How  will  Micro¬ 
soft  affect  Apple’s  future? 

34  Robert  L.  Mitchell  says  that 
as  privacy  laws  proliferate,  the 
issue  of  compliance  is  moving 
front  and  center. 

44  Peer  to  Peers:  Norbert  J. 
Kubilus  calls  on  CIOs  to  join 
the  Sarbanes-Oxley  game. 

54  Frankly  Speaking:  Frank 
Hayes  hates  to  admit  it,  but 
sabotage  has  a  place  in  the 
IT  toolbox.  Sometimes,  it’s 
the  only  way  to  deal  with 
ill-conceived  projects. 
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Steps  to  Securing  Your  Company 

SECURITY:  Security  expert  and  author  Eric 
Cole  outlines  his  four  general  principles  to 
make  an  organization  secure. 

©  QuickLink  39454 

Improving  Web  Performance 

WEB  SITE  MANAGEMENT:  Read  how  applica¬ 
tion  delivery  networks  reduce  the  response 
time  and  increase  the  availability  of  dynamic 
Web  apps  hosted  at  a  centralized  data  center. 

©  QuickLink  39505 

SMI-S  Successor  to 
Bluefin  on  Fast  Track 

STORAGE:  The  first  customers  could  be  using 
the  storage  management  interface  specifica¬ 
tion  by  the  end  of  the  year. 

©  QuickLink  39242 

Before  Going  Wireless, 

Plan  a  Site  Survey 

MOBILE/WIRELESS:  Companies  that  are  look¬ 
ing  to  set  up  wireless  networks  need  to  get 
some  preliminary  work  done  first,  an  802.11 
Planet  conference  speaker  advises. 

©  QuickLink  39480 

Research  Reports 

RESEARCH:  In  partnership  with  InfoEdge, 
Computerworld.com  offers  an  extensive 
selection  of  IT  and  business  research  for  IT 
professionals  from  dozens  of  third-party 
analyst  and  consulting  firms. 

©  QuickLink  a3350 

What’s  a  QuickLink? 

O  On  some  pages  in 
this  issue,  you'll  see 
a  QuickLink  code  pointing 
to  additional,  related  con¬ 
tent  on  our  Web  site.  Just 
enter  that  code  into  our 
QuickLink  box,  which 
you'll  see  at  the  top  of 
each  page  on  our  site. 
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Microsoft  Adds  New 
Exchange  License 


Microsoft  Corp.  today  plans  to  re¬ 
lease  Exchange  Server  2003  for 
manufacturing  and  announce  a 
per-user  client-access  license  for 
the  messaging  software.  The  new 
license  will  let  a  single  end  user 
access  Exchange  Server  2003 
from  a  variety  of  devices,  said 
Microsoft,  which  licenses  the 
current  version  of  Exchange  on  a 
per-device  basis.  The  upgrade  is 
due  to  ship  in  the  third  quarter. 


3Com  Reports  Loss, 
Joint  Venture  Delay 

Santa  Clara,  Calif.-based  3Com 
Corp.  reported  a  $38.4  million  net 
loss  on  revenue  of  $175  million  for 
its  fourth  quarter,  which  ended 
May  30.  The  company  also  dis¬ 
closed  that  a  networking  joint 
venture  with  Shenzhen,  China- 
based  Huawei  Technologies  Co. 
is  now  expected  to  become  fully 
operational  by  November,  two 
months  later  than  planned.  3Com 
CEO  Bruce  Claflin  blamed  the  de¬ 
lay  primarily  on  internal  IT  issues. 


Sun  Buys  Java 
Software  Vendor 

Sun  Microsystems  Inc.  said  it  has 
agreed  to  acquire  Pixo  Inc.,  a  ven¬ 
dor  of  Java-based  server  software 
that  manages  the  distribution  of 
digital  content  to  mobile  devices. 
Sun  will  pay  an  undisclosed 
amount  of  cash  for  San  Jose- 
based  Pixo  and  fold  the  company 
into  its  software  unit.  The  deal  is 
expected  to  be  completed  by  Sep¬ 
tember,  Sun  said. 


Short  Takes 

HEWLETT-PACKARD  CO.  plans  to 
resell  SuSE  Linux  AG’s  version  of 
Linux  and  said  it  will  release  a  line 
of  clustered  Linux  systems  in  Au¬ 
gust.  ...  A  law  firm  representing 
shareholders  of  ELECTRONIC  DATA 
SYSTEMS  CORP.  said  it  plans  next 
week  to  file  a  class-action  lawsuit 
that  consolidates  15  separate 
complaints  against  the  Plano, 
Texas-based  IT  services  firm. 
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PeopleSoft  User  Panel 
Opposes  Oracle’s  Offer 


Head  of  advisory  board  says  buyout  bid 
poses  threat;  Oracle  continues  pursuit 


BY  TODD  R.  WEISS 

RACLE  CORP.  last 
week  said  it  will 
continue  its  hostile 
takeover  bid  for  ri¬ 
val  PeopleSoft  Inc.  despite  re¬ 
cent  changes  in  a  proposed 
merger  deal  between  People- 
Soft  and  J.D.  Edwards  &  Co. 
Meanwhile,  PeopleSoft’s  glob¬ 
al  customer  advisory  board 
announced  that  it  “firmly  sup¬ 
ports”  the  company’s  decision 
to  reject  Oracle’s  sweetened 
buyout  offer. 

Peg  Nicholson,  president  of 
the  advisory  board  and  CIO  at 
golf  equipment  maker  Acush- 
net  Co.  in  Fairhaven,  Mass., 
said  in  a  statement  that  Ora¬ 
cle’s  tender  offer  for  People- 
Soft  is  “clearly  anticompeti¬ 
tive”  and  poses  a  threat  to  ex¬ 
isting  investments  in  People¬ 
Soft’s  business  applications. 

“We  feel  strongly  that  an 
Oracle  acquisition  of  People- 
Soft  would  reduce  competi¬ 
tion  and  force  PeopleSoft  users 


HAn  Oracle 
acquisition  of 
PeopleSoft  would 
reduce  competition 
and  force  PeopleSoft 
users  to  migrate. 

PEG  NICHOLSON,  CIO.  ACUSHNET  CO. 

to  migrate  from  their  current 
applications  and  possibly 
[their]  database  platforms,” 
she  said.  “This  unnecessary, 
expensive  and  risky  effort  is 
clearly  not  in  the  best  interest 
of  PeopleSoft  customers.” 

Unnecessary  Alarm 

In  response,  Oracle  said  that 
Pleasanton,  Calif.-based  Peo¬ 
pleSoft  “has  unnecessarily 
alarmed  its  own  customers  in 
a  cynical  effort  to  distract  at¬ 
tention  from  the  tangible  ben¬ 
efits  of  our  offer.” 

When  Oracle  announced  its 


takeover  bid  on  June  6,  CEO 
Larry  Ellison  said  the  compa¬ 
ny  wouldn’t  actively  sell  Peo¬ 
pleSoft’s  applications  to  new 
customers,  a  comment  that  led 
some  PeopleSoft  users  to  react 
with  dismay.  But  Ellison  more 
recently  promised  to  continue 
developing  PeopleSoft’s  prod¬ 
ucts  for  at  least  10  years  and 
said  users  won’t  be  forced  to 
convert  to  Oracle’s  E-Business 
Suite  lli  applications. 

After  increasing  the  value  of 
its  offer  from  $5.1  billion  to 
$6.3  billion  on  June  18,  Oracle 
last  week  took  another  step  to 
show  that  it’s  serious  about 
proceeding.  The  company  said 
it  would  waive  a  condition  in 
its  tender  offer  that  stated  it 
would  go  forward  only  if  Peo¬ 
pleSoft  and  Denver-based  J.D. 
Edwards  didn’t  modify  the 
merger  agreement  they  an¬ 
nounced  on  June  2. 

PeopleSoft  and  J.D.  Edwards 
did  amend  the  deal  two  weeks 
ago  in  an  effort  to  speed  up 
the  merger  and  potentially 
block  an  Oracle  takeover.  Al¬ 
though  Oracle  is  pushing  on, 
company  spokesman  Jim  Finn 


said  it  still  views  the  amended 
merger  agreement  as  “an  un¬ 
lawful  device”  and  called  on 
PeopleSoft’s  board  to  meet 
with  Oracle  executives. 

But  PeopleSoft  was  unim¬ 
pressed.  “Oracle  is  just  blow¬ 
ing  smoke  again,”  said  spokes¬ 
man  Steve  Swasey. 

In  another  development, 
representatives  of  various 
state  attorneys  general  held  a 
conference  call  June  24  to  dis¬ 
cuss  the  possible  antitrust 
ramifications  of  Oracle’s 
takeover  bid.  The  call  fol¬ 
lowed  the  filing  of  an  antitrust 
lawsuit  against  Oracle  by  Con¬ 
necticut’s  state  government, 
which  is  in  the  midst  of  a  $100 
million  PeopleSoft  project. 

But  officials  from  Texas  and 
California  said  such  calls  are 
routine  and  added  that  they 
haven’t  made  any  decisions  to 
intervene  in  the  buyout  fracas. 
“This  is  a  standard  fact-find¬ 
ing  process,”  said  Tom  Kelley, 
a  spokesman  for  the  Texas  at¬ 
torney  general’s  office.  I 


MORE  ONLINE 

Oracle’s  Bid  for  PeopleSoft:  Visit 
our  Web  site  for  additional  coverage: 

QuickLink  a3320 


Product  News:  Oracle  announced  an 
upgraded  applications  release  at  a  user 
conference  in  London: 


©QuickLink  39554 

www.computerworld.com 


Government  Certification  of  Software 
Proposed  to  Boost  Homeland  Security 


BY  DAN  VERTON 

WASHINGTON 

The  U.S.  Department  of 
Homeland  Security  is  empha¬ 
sizing  government  security 
certifications  as  a  means  of 
improving  software  security 
while  avoiding  more  invasive 
government  intervention. 

The  policy  of  the  current  ad¬ 
ministration,  as  with  the  previ¬ 
ous  two,  has  been  to  allow 
market  forces  to  drive  security 
improvements  in  the  software 
industry.  However,  with  little 
evidence  of  the  effectiveness 
of  that  approach,  the  govern¬ 
ment’s  commitment  to  foster¬ 
ing  change  is  under  scrutiny. 

At  a  homeland  security  con¬ 


ference  here  sponsored  by  the 
Center  for  Strategic  and  Inter¬ 
national  Studies  and  the  Infor¬ 
mation  Technology  Industry 
Council,  Microsoft  Corp. 
Chairman  Bill  Gates  last  week 
expressed  staunch 
support  for  govern¬ 
ment  testing,  certi¬ 
fication  and  re¬ 
wards  for  security 
improvements. 

That  approach  is 
backed  by  Robert 
P.  Liscouski,  assistant  secre¬ 
tary  for  infrastructure  at  DHS, 
who  distinguished  govern¬ 
ment  certification  from  the 
type  of  regulation  the  admin¬ 
istration  opposes.  He  said  that 


although  private-sector  deci¬ 
sions  about  security  always 
come  down  to  a  business-case 
analysis,  companies  are  often 
forced  to  make  poor  software 
choices,  given  the  state  of  soft¬ 
ware  quality  and 
security. 

“If  we  can  get  the 
risk  management 
industry  to  recog¬ 
nize  good  practices 
that  can  be  certi¬ 
fied  ...  I  don’t  see 
that  as  regulation,”  he  said.  “I 
see  that  as  a  very  positive  in¬ 
centive  to  get  the  industry  to 
go  where  it  has  to  go.” 

Dave  Carey,  president  of  in¬ 
formation  assurance  at  Oracle 


Corp.  and  a  former  CIA  offi¬ 
cer,  said  that  although  Oracle 
supports  various  government 
certification  processes,  such 
as  the  Common  Criteria  and 
Federal  Information  Process¬ 
ing  Standard  140,  “they  are 
neither  easy  nor  cheap.” 

On  average,  evaluations  of 
Oracle  products  have  taken 
eight  to  10  months  and  cost 
about  $1  million  each,  said 
Carey.  “But  once  done,  custo¬ 
mers  can  have  the  confidence 
that  the  security  features  in 
the  products  they  buy  func¬ 
tion  as  intended,”  he  added. 

Whit  Diffie,  chief  security 
officer  at  Sun  Microsystems 
Inc.,  said  the  certification 
process  can  be  shortened,  but 
reducing  its  cost  will  require 
significant  changes  to  the 
overall  testing  architecture 
and  methodology.  I 


SECURITY  GATES 

Microsoft  Chairman  Bill  Gates 
sees  software  security  as  key 
to  homeland  security: 

O  QuickLink  39493 
www.computerworld.com 
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CIA-Supported  Storage  Virtualization 
Start-up  Emerges  With  SAN  Appliance 


Device  integrates 
storage  capacity  on 
multivendor  arrays 

BY  LUCAS  MEARIAN 

Candera  Inc.  this  week  plans 
to  go  public  with  a  storage  vir¬ 
tualization  device  after  two 
years  of  development,  joining 
the  race  to  provide  users  with 
technology  that  can  combine 
different  storage  subsystems 
into  virtual  pools  of  data. 

Milpitas,  Calif. -based  Can¬ 
dera  will  announce  the  release 
of  its  SCE  510  appliance,  a 
combination  switch  and  virtu¬ 
alization  product  that  works 
on  multivendor  storage-area 
networks  (SAN).  The  start-up, 
which  has  been  partly  funded 
by  the  CIA,  is  selling  the  sys¬ 
tems  in  clustered  pairs  that 
operate  separately  from  each 
other  but  can  balance  work¬ 
loads  between  them. 

Candera’s  promise  is 
straightforward:  The  company 


says  that  using  application 
programming  interfaces  based 
on  standards  like  XML,  HTTP 
and  the  Simple  Network  Man¬ 
agement  Protocol,  the  SCE  510 
can  work  with  any  SAN  switch 
to  virtualize  the  storage  capac¬ 
ity  on  various  arrays  so  it  all 
looks  like  a  unified  pool. 

The  new  appliance  can  au¬ 
tomatically  identify  devices 
on  SANs  by  disk  type,  vendor 
and  the  level  of  supported  re¬ 
dundancy  protection,  allowing 
systems  administrators  to  set 
up  dynamic  provisioning  poli¬ 
cies  for  different  types  of  data, 
according  to  Richard  Meyer, 
Candera’s  principal  engineer. 

Market  Rivals 

The  SCE  510  will  compete 
against  virtualization  products 
from  vendors  like  IBM  and 
Hewlett-Packard  Co.,  as  well 
as  Brocade  Communications 
Systems  Inc.’s  virtualization- 
enabled  SilkWorm  Fabric  Ap¬ 
plication  Platform  switches. 


A  senior  storage  architect  at 
a  Global  100  company  said 
he’s  leaning  toward  the  Can¬ 
dera  box  over  rival  virtualiza¬ 
tion  technologies  from  IBM, 
FalconStor  Software  Inc.  and 
DataCore  Software  Corp.  be¬ 
cause  the  SCE  510  was  devel¬ 
oped  with  redundancy  and 
high  availability  in  mind. 

The  other  products  run  on 
commodity  hardware  that 
could  prove  to  be  a  point  of 
failure  in  his  SAN,  said  the 
storage  architect,  who  asked 
that  he  and  his  company  not 


be  identified.  In  contrast,  Can¬ 
dera  is  using  a  pair  of  special¬ 
ized  processors  designed  to 
handle  heavy-duty  workloads. 

A  vice  president  of  architec¬ 
ture  and  capacity  planning  at  a 
large  financial  services  firm, 
who  also  asked  to  remain 
anonymous,  said  his  company 
beta-tested  the  SCE  510  last 
month  and  plans  to  roll  it  out 
in  September.  The  device 
should  let  IT  staffers  manage 
all  the  disk  arrays  on  the  firm’s 
50TB  SAN  through  a  single  in¬ 
terface,  the  executive  said. 

But  he  added  that  the  SCE 
510  is  missing  two  key  fea¬ 
tures:  support  for  migrating 
data  from  direct-attached  stor¬ 
age  devices  to  SANs,  and  data 


replication  capabilities  for  dis¬ 
aster  recovery  applications. 

Meyer  said  he  has  heard  the 
same  comment  from  other  po¬ 
tential  users  and  added  that 
both  of  those  features  are  in 
development.  But  he  couldn’t 
say  when  they’re  due  to  be¬ 
come  available. 

Mike  Fisch,  an  analyst  at 
The  Clipper  Group  Inc.  in 
Wellesley,  Mass.,  said  Can¬ 
dera’s  product  could  make  a 
splash  in  the  storage  manage¬ 
ment  market  because  it  ad¬ 
dresses  key  user  require¬ 
ments,  including  logical  unit- 
number  mapping,  capacity 
planning  and  dynamic  provi¬ 
sioning. 

Candera  is  also  jointly  de¬ 
veloping  security-related 
hardware  and  software  fea¬ 
tures  with  In-QTel  Inc.  in  Ar¬ 
lington,  Va.,  a  nonprofit  com¬ 
pany  that  acts  as  the  CIA’s 
technology  funding  arm 
[QuickLink  33889].  Those  fea¬ 
tures  include  support  for  the 
Lightweight  Directory  Access 
Protocol  and  Secure  Sockets 
Layer  standards  and  should  be 
added  to  the  SCE  510  in  the 
fourth  quarter,  Meyer  said.  I 


TECHNOLOGY  DETAILS 


Candera’s  SCE  510 

■  Functions  as  both  a  storage 
switch  and  a  virtualization  device. 


■  Supports  AIX,  HP-UX, 

Solaris  and  Windows. 

■  Provides  a  virtual  pool  of 
storage  from  multivendor  arrays 

■  Starts  at  $100,000  for  a  clus¬ 
tered  pair  of  appliances. 


HP  Expands  Its  Storage,  Disaster  Recovery  Services 

Offerings  include  system  assessments, 
installation  of  SAN  management  software 


BY  LUCAS  MEARIAN 

Hewlett-Packard  Co.  last  week 
announced  five  storage  man¬ 
agement  and  disaster  recovery 
services  in  a  bid  to  take  advan¬ 
tage  of  an  uptick  in  storage- 
related  consulting  that’s  being 
driven  by  tight  IT  budgets. 

The  services  being  offered 
by  HP  include  assessments  of 
how  to  optimize  storage  sys¬ 
tems,  data  replication  deploy¬ 
ments,  and  development  of 
disaster  recovery  and  storage- 
area  network  (SAN)  manage¬ 
ment  architectures.  HP  said  it 
will  offer  the  storage  services 
as  part  of  both  straightforward 
consulting  engagements  and 
more  comprehensive  deals 
that  also  include  technology 
installation  and  training. 

Charlie  Orndorff,  CIO  at 
Crossmark  Inc.,  an  advertising 


and  marketing  company  in 
Plano,  Texas,  said  he  currently 
uses  both  HP  and  Veritas  Soft¬ 
ware  Corp.  for  IT  services  on 
some  storage  projects.  His 
dealings  with  HP  may  be 
widened  over  the  next  few 
months:  Orndorff  intends  to 


merge  7TB  and  4TB  SANs  to 
reduce  his  staff’s  storage  man¬ 
agement  headaches,  and  he’s 
eyeing  HP’s  disaster  recovery 
and  business  continuity  ser¬ 
vices  as  part  of  that  plan. 

“What  you  really  need  is  a 
comprehensive  solution  that 
says,  ‘If  I  go  down,  my  data 
will  be  available  in  one  hour, 
four  hours  or  whatever  the 
SLAs  are  that  are  in  place,’  ” 


Orndorff  said.  He  added  that 
he  also  doesn’t  want  to  have  to 
hire  specialized  IT  technicians 
to  manage  different  aspects  of 
the  combined  SAN  as  Cross¬ 
mark  installs  more  complex 
storage  technology. 

Robert  Gray,  an  analyst  at 
IDC,  said  the  use  of  IT  ven¬ 
dors  to  help  design  and  imple¬ 
ment  storage  systems  is  on  the 
upswing  because  companies 
want  to  get  the  most  out  of 
their  technology  purchases  in 
the  current  economic  climate. 
Storage  vendors  “had  been 
selling  the  product  and  walk¬ 
ing  away,  leaving  [IT  man¬ 
agers]  underusing  what  they 
invested  in,”  Gray  said. 

The  disaster  recovery  man¬ 
agement  service  is  available 
now,  said  Gary  Wright,  vice 
president  of  HP’s  Network 
Storage  Services  division.  The 
other  services  announced  last 
week  are  scheduled  to  become 
generally  available  worldwide 


by  the  end  of  the  third  quarter. 

Gartner  Inc.  analyst  Adam 
Couture  said  the  announce¬ 
ment  was  largely  a  case  of  HP 
formalizing  storage  services 
that  it  and  the  former  Compaq 
Computer  Corp.  had  offered 
separately  through  their  re¬ 
spective  consulting  staffs. 

HP  is  also  reducing  the 
maximum  fees  that  users  of  its 
Storage  Works  XP128  and 
XP1024  disk  arrays  could  pay 
under  its  metered  pay-per-use 
pricing  plan,  Wright  said.  Be¬ 
fore,  companies  adopting  the 
metered  pricing  may  have 
paid  up  to  25%  more  than  the 
standard  monthly  lease  cost 
for  the  arrays,  depending  on 
how  much  of  the  available 
storage  capacity  they  actually 
used.  Now,  HP  is  limiting  the 
extra  fees  to  no  more  than  5% 
above  the  regular  price.  ► 


STORAGE  DOWNLOAD 

For  the  latest  news,  visit  our  Storage 
Knowledge  Center  online: 

QuickLink  k1700 
www.computerworld.com 


HP’s  New  Storage  vices 


■  Storage  optimization  consulting  that  offers  recommendations  for  in¬ 
creasing  data  availability  and  storage  efficiency.  PRICING:  Starts  at  $10,000. 

■  Implementation  of  data  replication  technology,  such  as  data  snapshot 
and  remote  mirroring  capabilities.  PRICING:  Rom  $10,000  to  $60,000. 


■  Development  of  disaster  recovery  plans  that  use  in-house  backup  sites 
or  50  facilities  that  HP  has  set  up  worldwide.  PRICING:  About  $100,000. 


■  Deployment  of  SAN  management  systems  based  on  HP's  OpenView 
Storage  Area  Manager  software.  PRICING:  Rom  $10,000  to  $100,000. 


■  A  data  sanitization  program  designed  to  ensure  that  information  is  erased 
from  disks  or  tapes  being  thrown  away.  PRICING:  $7,000  per  terabyte. 
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MARK  HALL  ■  ON  THE  MARK 

Wireless  Handheld 
World  Is  a  Wild  West’. . . 

. . .  that  creates  vendor  shootouts  to  attract  developers  —  whether  in¬ 
dependent  software  vendors  or  in-house  programmers.  “Unlike  PCs, 
there  are  enormous  real  differences  in  handheld  devices  that  challenge  de¬ 
velopers,”  says  David  Nagel,  offering  a  litany  of  distinctions,  from  mul¬ 
tiple  screen  sizes  and  keypad  styles  to  the  operating  system  and  wire¬ 
less  service  provider  being  used.  The  CEO  of  PalmSource  Inc.  in  Sun¬ 
nyvale,  Calif.  —  the  company  that  licenses  the  Palm  OS  —  also  points 


out  that  400  million  to  500  million  smart 
phones,  BlackBerry-style  devices  and 
other  wireless-ready  mobile  devices  are 
shipped  each  year,  vs.  about  100  million 
PCs.  That  makes  it  at  once  the  most  con¬ 
fusing  and  most  promising  growth  mar¬ 
ket  around  for  developers.  And  because 
it  lacks  a  dominant  Microsoft  presence, 
Nagel  says,  “it’s  like  early  Wild  West  for 
developers,  with  wide-open  territory.” 
Amid  this  chaos,  handheld  vendors  are 
desperate  to  get  developers  to  settle 
down  with  their  systems  and  tools.  ■ 
Which  explains  last  week’s 
branding  brouhaha  known  as 
Windows  Mobile.  Irwin  Ro¬ 
drigues,  Microsoft’s  lead 
project  manager  for  mobile 
devices,  acknowledges  that 
the  event  could  be  summed 
up  as  “a  message  to  develop¬ 
ers”  that  the  company  now 
has  “a  single  API  tool  set  for 
Pocket  PC  and  Smartphone.” 

Why  spend  all  that  money  on 
invitations,  tchotchkes,  press 
releases  and  the  rest  when  a 
simple  e-mail  to  a  Virtual  Basic 
developer  list  would  do?  Well, 
just  as  Sun  Microsystems  Inc. 


held  its  high-priced  JavaOne  revival 
meeting  for  “wireless  Java”  two  weeks 
prior,  Microsoft  can’t  afford  not  to  attract 
IT  early  in  its  embrace  of  wireless  hand¬ 
helds.  ■  Corporate  interest  and  the  adop¬ 
tion  of  wireless  applications  is  changing 
the  demand  mix  for  handheld  applica¬ 
tions.  So  even  developers  who  dwell  in 
the  IT  netherworld  of  middleware  are 
seeing  opportunities  in  wireless  hand¬ 
helds.  Markham  Tate,  vice  president  of 
business  development  at  SpiritSoft  Ltd. 
in  Milford,  Mass.,  says  his  company  is  re¬ 
leasing  a  J2EE-compliant 
messaging  application  called 
SpiritLite  so  IT  can  push  tech¬ 
nology  updates  to  handhelds. 
Expect  it  to  be  ready  by 
summer’s  end.  ■  That  shift 
in  application  demand  is  ob¬ 
vious  to  Ryan  Wuerch,  CEO 
of  Nashville-based  Palm- 
Gear.com.  While  virtually 
all  categories  are  growing 
among  the  18,000  Palm  OS 
programs  available  on  his 
company’s  site,  the  games 
category  is  suddenly  losing 
ground  to  business  software 
such  as  productivity  appli¬ 


cations.  Wuerch  likens  the  path  of  wire¬ 
less  software  adoption  to  the  early  PC 
days  and  argues  that  the  handheld  mar¬ 
ket  is  following  a  similar  trajectory.  And, 
like  the  PC,  handhelds  will  prevail  over 
the  prior  technology.  (So  move  over, 
Wintel.)  By  2010,  Wuerch  assumes,  your 
workforce  will  include  many  who  have 
the  power  of  today’s  desktop  in  a  hand¬ 
held  and  use  it  occasionally  with  the  cra¬ 
dles,  keyboards  and  displays  found  in  of¬ 
fices,  homes,  hotels,  coffee  shops  and 
wherever  else  their  legs  take  them.  The 
PC  isn’t  in  his  scenario.  ■  If  the  wireless 
market  walks  away  from  Wintel,  it  will 
certainly  be  a  kick  in  the  head  for  the  “tel” 
part,  which  has  so  much  at  stake  in  your 
persistent  replacement  of  PCs  with  new¬ 
er,  faster  models.  But  it’s  already  taken 
one  on  the  chin,  because  if  you  really 
want  the  newest,  fastest  desktop,  don’t 
look  for  the  “Intel  Inside”  logo.  In  August, 
Apple  Computer  Inc.  will  ship  the  fastest  desk¬ 
top  around,  the  Power  Macintosh  G5  64- 
bit  workstation  running  OS  X.  The  SPEC 
CPU  2000  benchmark  reveals  an  Apple 
dual-processor  G5  that’s  about  40%  faster 
than  the  hottest  dual  Intel  Xeon  proces¬ 
sor  desktop.  Much  of  that  comes  from 
the  8GB  of  RAM  you  get,  twice  that  of  a 
32-bit  system.  Depending  on  their  need 
for  speed,  users  will  shell  out  from  $1,999 
to  $2,999  to  have  the  fastest  hardware  in 
town.  ■  Before  you  sign  a  contract  with 
Apple  for  a  truckload  of  new  Macintosh¬ 
es,  think  about  getting  your  company’s  con¬ 
tracts  under  control  with  an  upcoming  re¬ 
lease  (No.  19,  to  be  exact)  of  the  Deter¬ 
mine  Application  Suite,  an  online  con¬ 
tract  management  application  from  San 
Francisco-based  Determine  Software  Inc. 
Among  other  improvements,  the  Aug.  14 
upgrade  will  be  able  to  track  and  audit 
changes  to  Word  documents  used  in  the 
contract  development  process.  So  be 
careful  what  you  say,  especially  about 
contract  lawyers.  I 


Today,  RadView  Soft¬ 
ware  Ltd.  in  Burling¬ 
ton,  Mass.,  unveils 
WebLoad  6.0,  a  soft¬ 
ware  test  product 
that  emulates  Web 
user  activities  on  a 
browser  running  on 
any  platform.  You 
even  get  to  test  Web 
services  operations 
with  the  release.  It’ll 
cost  you  $7,595. 


Microsoft  Freed  From  Carrying  Sun’s  Java 


Ericsson  Taps  IBM 
To  Manage  Apps 

LM  Ericsson  Telephone  Co.  said 
it  has  signed  a  preliminary  agree¬ 
ment  to  outsource  development 
and  maintenance  of  its  IT  appli¬ 
cations  to  IBM.  The  deal  came 
three  weeks  after  Stockholm- 
based  Ericsson  announced  a 
five-year  contract  for  Hewlett- 
Packard  Co.  to  manage  its  IT  in¬ 
frastructure  [QuickLink  38933]. 
Ericsson  expects  to  finalize  the 
IBM  deal  by  September. 


EDS  Set  to  Raise 
$1.7B  in  Funding 

Electronic  Data  Systems  Corp. 
announced  that  it  expects  to 
raise  $1.7  billion  in  new  funding 
through  private  debt  offerings. 
The  deals  followed  decisions 
by  two  major  credit-rating  agen¬ 
cies  to  downgrade  their  ratings 
of  the  struggling  IT  services 
firm’s  debt.  Plano,  Texas-based 
EDS  said  it  will  also  prepay 
$227  million  that  it  owes  to  an 
unidentified  software  vendor. 


Palm  Reports 
Smaller  Q4  Loss 

Palm  Inc.  remained  in  the  red 
during  its  fourth  quarter,  but  the 
handheld  vendor  said  its  results 
were  better  than  expected.  Milpi¬ 
tas,  Calif.-based  Palm  reported  a 
$15  million  net  loss  on  revenue  of 
$225.8  million  for  the  quarter, 
which  ended  May  31.  The  loss 
was  about  half  as  big  as  what 
Wall  Street  analysts  had  forecast. 
In  comparison,  Palm  had  a  year- 
earlier  deficit  of  $27.5  million. 


Short  Takes 

COMPUTER  ASSOCIATES  INTER¬ 
NATIONAL  INC.  and  STEELCL0UD 
INC.  announced  a  deal  under 
which  Dulles,  Va.-based  Steel- 
Cloud  will  build  CA’s  eTrust 
security  software  into  a  line  of 
antivirus  appliances. . . .  IBM 
added  versions  of  its  WebSphere 
Commerce  and  WebSphere  MQ 
middleware  products  that  are 
tailored  for  midsize  companies. 


BY  GRANT  GROSS 

WASHINGTON 

An  appeals  court  last  week  re¬ 
versed  a  lower  court’s  ruling 
that  Microsoft  Corp.  must  dis¬ 
tribute  a  version  of  Java  en¬ 
dorsed  by  Sun  Microsystems 
Inc.  But  the  appeals  court  also 
affirmed  a  ruling  that  Micro¬ 
soft  violated  Sun’s  copyright 
by  distributing  its  own  version 
of  Java  with  its  products. 

Both  companies  claimed 
victory  after  the  Fourth  U.S. 
Circuit  Court  of  Appeals  an¬ 


nounced  its  decision  on  June 
26,  another  step  in  Sun’s  pri¬ 
vate  antitrust  lawsuit  against 
Microsoft. 

U.S.  District  Court  Judge 
Frederick  Motz  erred  in  his 
Dec.  23  ruling  requiring  Micro¬ 
soft  to  carry  the  Sun-compati¬ 
ble  version  of  Java  with  its  op¬ 
erating  systems  and  browser 
products,  since  there  was  no 
proof  that  Sun  would  suffer 
“immediate  irreparable  harm” 
without  the  order,  appeals  court 
Judge  Paul  Niemeyer  wrote. 


The  appeals  court  did  up¬ 
hold  Motz’s  order  prohibiting 
Microsoft  from  distributing 
any  version  of  Java  other  than 
the  one  allowed  by  Sun  in  a 
2001  license  agreement. 

Microsoft  spokesman  Jim 
Desler  called  last  week’s  rul¬ 
ing  a  “positive  step,”  saying 
the  must-carry  order  was  the 
key  issue  that  needed  reso¬ 
lution  on  appeal.  As  for  the 
copyright  infringement  order, 
Microsoft  already  complied  in 
February,  replacing  Windows 


XP  Service  Pack  1  with  XP 
SPla,  which  excludes  Micro¬ 
soft’s  Java  virtual  machine. 

Lee  Patch,  Sun’s  vice  presi¬ 
dent  for  legal  affairs,  called 
the  appeals  court  ruling  on  the 
copyright  infringement  issue 
“an  important  victory  for  the 
Java  community.” 

“This  decision  confirms 
that  Microsoft  violated  our 
prior  settlement  agreement, 
and  that  it  did  so  in  a  way  that 
continued  to  fragment  the  Java 
platform  on  PCs,”  Patch  said.  I 


Gross  writes  for  the  IDG 
News  Service. 


Has  your  Web  Hosting  provider 
left  you  dangling? 


Put  your  business  on  solid  ground.  While  some  Web  Hosting  providers  are  abandoning  their  hosting  operations 
or  struggling  with  questionable  finances,  AT&T  continues  to  grow  and  integrate  our  hosting  services  into  our  networking 
architecture  to  ensure  predictable  performance  of  your  applications  environment. 

You  can  count  on  AT&T’s  best-in-class  hosting  services  to  deliver: 

™  Performance  advantages  of  a  24X365  predictive  management  platform. 
tm  Stability,  security  and  reliability  of  AT&T’s  global  data  centers. 

™  Scalability,  on-demand  capacity  and  ultra  availability  of  AT&Ts  enterprise  networking  solutions. 

■■  Industry-leading  portal  and  reporting  services  for  optimum  control  and  visibility. 

«  Expertise  and  support  of  AT&T  resources. 

AT&T  hosting  professionals  will  ensure  your  migration  is  as  simple  and  as  efficient  as  possible. 

Contact  your  AT&T  Representative  or  our  Rapid  Response  Team  at  I  866  409-7054, 
or  visit  www.att.com/hosting. 

AT&T 

’Eligibility  and  certain  restrictions  apply.  Call  or  log  on  to  learn  more.  Offer  expires  8/31/03. 


Special  Transition  Offer* 


•  FREE  migration  and 
transition  services 

•  Aggressive  and  competitive 
financial  incentives 

•  Generous  hardware  trade-ins 

•  Flexible  contract  terms 

•  Full  satisfaction  guaranteed 
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NetWare  on  Linux 
Coming  This  Year 


Novell  surprises  users  with  plans  to  speed 
up  delivery  of  services  on  Red  Hat,  SuSE 


BY  MATT  HAMBLEN 

Novell  inc.  is  poised 
to  begin  delivering 
on  its  NetWare-on- 
Linux  promise  con¬ 
siderably  sooner  than  many 
users  expected. 

Novell  an¬ 
nounced  at  its 
Brainshare  conference  in  April 
that  it  was  adopting  Linux  as 
its  NetWare  migration  path  by 
making  NetWare  7  —  due  out 
in  two  years  —  a  set  of  ser¬ 
vices  that  would  run  on  both 
the  Linux  and  NetWare  ker¬ 
nels  [QuickLink  37843]. 

But  last  week,  Novell  said  a 
key  set  of  NetWare  services 
running  on  Linux  —  including 
directory,  file,  print,  messag¬ 
ing  and  management  services 
—  will  be  made  available  later 
this  year.  Novell  Nterprise 
Linux  Services  1.0,  which  con¬ 
stitutes  about  60%  of  the  Net¬ 
Ware  services  stack,  will  run 
on  Red  Hat  Enterprise  Linux 
and  SuSE  Linux  Enterprise 
Server.  It  will  go  into  limited 
beta  at  150  sites  next  month, 
Novell  officials  said. 

Several  users  gave  the  move 
an  unqualified  thumbs  up. 

Doug  Boval,  master  network 
engineer  at  St.  Vincent  Hospi¬ 
tal  in  Indianapolis,  said  the 
medical  facility  could  benefit 
from  Novell  support  for  Linux 
in  many  ways,  including  the 
possibility  of  moving  away 
from  “costly  Windows-based 
desktops  to  Linux  desktops.” 
NetWare  on  Linux  also  would 
be  a  compelling  alternative 
to  some  applications  running 
on  high-priced  Unix  systems, 
he  said. 

Scott  Perley,  president  of  the 
Southern  Alberta  Novell  Users 
Group  in  Calgary,  also  wel¬ 
comed  the  move,  saying  he’s 
looking  forward  to  using  such 
products  as  Novell’s  iFolder 
file  services  on  Linux. 


OPEN-SOURCE 


Users  had  every  reason  to 
be  surprised  by  last  week’s 
announcement,  since  Novell 
officials  at  Brainshare  suggest¬ 
ed  that  NetWare  services 
wouldn’t  be  available  on  Linux 
until  the  relatively 
distant  release  of 
NetWare  7.  Those 
officials  are  now  saying  that 
they  planned  all  along  to 
make  some  services  available 
on  Linux  sooner  but  hadn’t 
developed  the  road  map  suffi¬ 
ciently  to  make  an  announce¬ 
ment  at  Brainshare. 

“We  in  fact  knew  a  lot  at 


Brainshare,  but  we  didn't  know 
enough,”  Jeff  Hawkins,  vice 
president  of  Novell’s  Linux 
business  office,  said  last  week. 
“We  were  well  along  the  way 
of  driving  the  engineering  ef¬ 
forts  and  aligning  all  of  the  or¬ 
ganization  behind  this  product 
release,  but  we  weren’t  pre¬ 
pared  to  make  any  announce¬ 
ment  at  Brainshare  about  the 
actual  product  itself.” 

Hawkins  indicated  that 
Novell  will  use  the  launch  of 
NetWare  6.5  this  summer  to 
push  the  new  Linux  offering. 

“There  probably  will  be  [a 
connection  between  NetWare 
6.5  and  Nterprise  Linux  Ser¬ 
vices  1.0]  as  we  look  at  how 
we  get  our  current  customers 


Rashline  Promises  to  Cut 
Redundant  Development 


‘Super-registries’  in 
Version  4  organize 
software  assets 

BY  CAROL  SLIWA 

Flashline  Inc.  today  will  an¬ 
nounce  a  new  version  of  its 
3-year-old  portal-like  flagship 
product  that’s  designed  to 
help  companies  manage  and 
reuse  software  assets  they 
built  using  Web  services,  Java, 
.Net,  open-source  and  model- 
driven  development  methods. 

Flashline  4  features  five  pre¬ 
configured  “super-registries,” 
called  FlashPacks,  to  organize 
a  company’s  software  assets, 
said  Charles  Stack,  CEO  and 
founder  of  the  Cleveland- 
based  company.  A  FlashPack 
serves  as  a  central  hub  where 
developers  can  go  to  evaluate 
projects  their  colleagues  are 
working  on  or  have  completed 
in  specific  development  areas, 
such  as  Web  services,  Java  or 
Microsoft  Corp.’s  .Net. 

FlashPacks  include  XML- 
based  schemata  to  describe 


the  software  assets,  sample 
metadata,  reports  that  mea¬ 
sure  the  usage  of  the  assets 
and  extensions  to  automati¬ 
cally  populate  the  registry. 

The  Flashline  Registry  Ad¬ 
vanced  Edition  introduces  a 
graphical  navigator  to  identify 
how  software  assets  are  relat¬ 
ed  to  particular  projects  and 
map  those  relationships  be¬ 
tween  the  various  projects. 
Coupled  with  new  assets- 


WHAT'S  NEW 


Rashline  4 

FlashPacks  to  organize  and 
manage  software  assets  for  Web 
services,  Java,  .Net,  open-source 
and  model-driven  development 

A  graphical  navigator  to  iden¬ 
tify  relationships  between  soft¬ 
ware  assets  and  similar  ongoing 
development  projects 

More  comprehensive  metrics 
to  compute  return  on  investment 

Finer-grained!  roled-based 
security 


to  embrace  it,”  he  said.  “Those 
are  going  to  be  pricing  and  de¬ 
ployment  strategies.  We’re  not 
announcing  those  right  now, 
but  you  can  imagine  that  those 
are  pretty  important  conversa¬ 
tions  that  are  happening.” 

John  Enck,  an  analyst 
at  Gartner  Inc.,  said  users 
that  plan  to  adopt  Linux  but 
have  never  considered  Net¬ 
Ware  may  like  Novell’s  Linux 
strategy  because  Novell  has 
“stronger  directory  and  file/ 
print  services  than  the  open- 
source  community  provides.” 

Novell  last  week  also  an¬ 
nounced  agreements  with  Dell 
Computer  Corp.,  Hewlett- 
Packard  Co.  and  IBM  under 
which  the  hardware  vendors 
will  offer  Novell’s  Linux  prod¬ 
ucts  on  their  servers  and  col¬ 
laborate  with  Novell  on  Linux 
training  and  support. 

Jim  Stallings,  general  man¬ 
ager  for  Linux  at  IBM,  predict¬ 
ed  that  Novell’s  move  to  sup¬ 
port  Linux  will  put  pressure 


in-progress  capabilities,  the 
navigator  can  help  reveal  simi¬ 
lar  ongoing  development  ef¬ 
forts  within  or  among  pro¬ 
jects,  so  teams  can  eliminate 
redundant  work. 

To  help  teams  meet  their  re- 
turn-on-investment  goals, 
Flashline  is  adding  more  com¬ 
prehensive  metrics  to  allow 
developers  to  see  actual  sav¬ 
ings  from  every  group  that 
used  a  particular  component, 
model  or  pattern,  as  opposed 
to  merely  showing  the  savings 
achieved  by  the  group  that 
created  the  component. 

Other  new  features  include 
finer-grained  role-based  secu¬ 
rity  down  to  the  asset  level 
and  support  for  clustering  in 
IBM’s  WebSphere  and  BEA 
Systems  Inc.’s  WebLogic  ap¬ 
plication  servers. 

Dale  Hite,  chief  technology 
officer  in  the  software  archi¬ 
tecture  group  at  Fidelity  Na¬ 
tional  Financial  Inc.  (FNF)  in 
Jacksonville,  Fla.,  said  he’s  par¬ 
ticularly  interested  in  Flashline 
4’s  new  ROI  calculation  capa¬ 
bilities  and  project  hierarchy 
management  enhancements, 
so  that  the  relationships  of 
components  to  projects  and 
products  can  be  inherited  from 


NEW  PRODUCT 


Novell 

Nterprise  Linux 
Services  1.0 

The  software  will  enter  beta¬ 
testing  next  month;  pricing  wasn’t 
disclosed.  Services  include: 

■  Novell  eDirectory  and  DirXML 

■  Novell  iFolder 

■  Novell  iPrint 

■  Novell  iManager 

■  NetMail 

■  ZENworks  for  Servers 

■  Virtual  Office  via  Extend 
Director  Standard  Edition 

on  companies  like  Microsoft 
Corp.  “that  have  proprietary 
architectures  and  that  charge 
exorbitant  fees  for  them.”  I 


Computerworld ’s  Don  Tennant 
contributed  to  this  report 


one  project  to  the  next.  About 
250  of  FNF’s  geographically 
dispersed  developers  use 
Flashline,  which  runs  on  a  Lin¬ 
ux-based  WebLogic  server,  to 
collaborate  on  component- 
based  projects,  Hite  said. 

Rich  King,  a  software  engi¬ 
neer  at  Diebold  Inc.  in  North 
Canton,  Ohio,  said  his  com¬ 
pany  began  using  Flashline 
about  a  year  ago  as  part  of 
a  push  toward  component- 
based  development  of  auto¬ 
mated  teller  machine  software 
using  Microsoft’s  .Net  tools. 

“We  wanted  to  be  able  to 
create  custom  applications 
in  as  short  a  time  as  possible 
with  the  highest  quality  possi¬ 
ble,”  he  said. 

John  Rymer,  an  analyst  at 
Cambridge,  Mass.-based  For¬ 
rester  Research  Inc.,  said 
Flashline  is  pushing  beyond 
mere  storage,  categorization, 
security  and  check-in/check¬ 
out  capabilities  in  Version  4. 

“They’re  providing  some 
utilities  that  will  help  in  main¬ 
taining,  evolving  and  ultimate¬ 
ly  promoting  much  greater 
reuse  of  assets,”  he  said. 

Flashline  4  will  be  available 
at  the  end  of  July;  pricing 
starts  at  $70,000  for  75  users.  I 
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WE'RE  NOT  HERE  TO  TELL  YOU 
THAT  ANTI-VIRUS  AND 
FIREWALLS  AREN'T  ENOUGH. 

THAT'S  WHAT  WORMS  ARE  FOR. 


/.v .  •  '  •• 

.v.' 


sg^v 

...  3  V'- 


Dynamic  Threat  Protection.  The  most  complete  protection  available. 

Most  large-scale  Internet  attacks  completely  bypass  firewalls  and  anti-virus.  We  stop  these 
threats  cold.  How?  Simple.  We  are  #1  in  the  world  for  security  intelligence  and  threat  protection 
technology.  We  deliver  the  fastest,  most  accurate  detection,  prevention  and  response  solution. 
We  call  it  Dynamic  Threat  Protection.  Visit  us  at  www.iss.net/iss-cw  or  call  800-776-2362. 
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More  Vendors  Rolling  Out 
Sarbanes-Oxley  Software 

New  tools  are  focused  on  automating 
checks  of  financial  controls  by  users 


BY  THOMAS  HOFFMAN 

PENPAGES  INC.  this 
week  will  become 
the  latest  vendor  to 
offer  software  that’s 
designed  to  help  companies 
meet  the  financial  documenta¬ 
tion  and  reporting  require¬ 
ments  of  the  Sarbanes-Oxley 
Act  of  2002. 

And  like  many  other  prod¬ 
ucts  that  have  been  an¬ 
nounced  recently,  the  Web- 
based  software  suite  devel¬ 
oped  by  Westford,  Mass.- 
based  OpenPages  specifically 
addresses  Section  404  of  the 
law.  That  section  requires 
publicly  held  companies  to 
conduct  annual  evaluations  of 
their  financial  reporting  con¬ 
trols  and  procedures. 

Vendors  such  as  Oracle 
Corp.  and  Redmond,  Wash.- 
based  Concur  Technologies 
Inc.  have  also  detailed  Section 
404  compliance  tool  kits 
[QuickLink  38820]. 

In  addition,  Protiviti  Inc.,  a 
Menlo  Park,  Calif. -based  firm 
that  offers  internal  auditing 
and  business-risk  consulting 
services,  last  week  introduced 
a  Web-based  repository  for 
organizing  and  documenting 
Section  404  compliance  plans. 

OpenPages  said  its  Sarbanes- 
Oxley  Express  404  software  is 
based  on  J2EE  technology  and 
runs  on  top  of  application 
servers  from  Oracle  and  San 
Jose-based  BEA  Systems  Inc. 
The  software  is  priced  be¬ 
tween  $25,000  and  $65,000, 
depending  on  the  number  of 
end  users. 

Many  Units,  One  Database 

Volt  Information  Sciences 
Inc.,  a  New  York-based  pro¬ 
vider  of  temporary  staffing 
and  IT  services  that  has  annu¬ 
al  revenue  of  more  than  $2  bil¬ 
lion,  plans  to  finish  installing 
the  OpenPages  software  on  a 


Windows  2000  server  this 
week. 

James  J.  Groberg,  Volt’s 
chief  financial  officer,  said  the 
company  operates  12  business 
units,  each  of  which  has  its 
own  accounting  and  profit- 
and-loss  (P&L)  responsibili¬ 
ties.  For  financial  reporting 
purposes,  “you  have  to  treat 
each  one  differently,”  he  not¬ 
ed.  But  Volt  is  looking  to  de¬ 
velop  a  database  that  links  the 
disparate  accounting  data  un¬ 
der  a  single  structured  format. 

After  evaluating  a  handful 
of  products,  Volt  in  May  set¬ 
tled  on  the  one  developed  by 
OpenPages.  Groberg  said  it 
helped  that  OpenPages  was 
willing  to  make  enhancements 
based  on  Volt’s  suggestions, 
including  the  creation  of  a 


BY  TOM  KRAZITAND 
ROBERT  MCMILLAN 

If  the  third  time  really  is  the 
charm,  then  Intel  Corp.  and  its 
hardware  partners  are  set  to 
reap  the  benefits  of  Madison, 
the  third  generation  of  the  64- 
bit  Itanium  processor  family, 
being  announced  today. 

Momentum  is  finally  build¬ 
ing  behind  Itanium  as  it 
evolves  from  a  low-volume 
product  to  one  that,  with  the 
introduction  of  Madison,  will 
be  more  attractive  to  users, 
said  Dean  McCarron,  princi¬ 
pal  analyst  at  Mercury  Re¬ 
search  in  Cave  Creek,  Ariz. 

Dell  Computer  Corp.  last 
week  released  details  about  its 
new  Itanium  server,  the  Madi¬ 
son-based  PowerEdge  3250, 
which  is  the  company’s  first 
Itanium  server  since  the 
launch  of  the  inaugural  Itani¬ 
um  chip.  Dell  skipped  the  sec¬ 
ond  generation  of  Itanium, 


master  content  chart  of  bal¬ 
ance-sheet  and  P&L  accounts. 

But  even  though  Sarbanes- 
Oxley  compliance  tools  are 
becoming  available  from  more 
vendors,  many  CIOs  and  other 
executives  are  still  having  a 
hard  time  comprehending  the 
act’s  requirements.  Sarbanes- 
Oxley,  which  was  signed  into 
law  last  summer,  includes 
more  than  90  sections  and 
300  discrete  points  of  law. 

Seeking  Clarity 

The  mandates  of  Sarbanes- 
Oxley  “aren’t  very  clear,”  said 
Louis  Boyle,  a  Meta  Group 
Inc.  analyst  based  in  Hilton 
Head,  S.C.  “CIOs  have  been 
asking  us,  ‘What  is  it?  What  do 
we  need  to  do?  How  do  we 
prepare  for  it?’  ” 

The  U.S.  Securities  and  Ex¬ 
change  Commission,  the  Pub¬ 
lic  Company  Accounting 
Oversight  Board  and  other 


known  as  McKinley. 

Dell  decided  to  use  Itanium 
again  because  Madison  deliv¬ 
ers  a  superior  level  of  perfor¬ 
mance  over  the  McKinley  chip 
for  the  same  price,  said  Darrel 
Ward,  a  Dell  product  manager. 
The  PowerEdge  3250  is  a  dual¬ 
processor  server  that  users 
can  cluster  in  up  to  128  nodes, 
Ward  said.  Its  pricing  and 
availability  will  be  announced 
later  this  year. 

Hewlett-Packard  Co.,  IBM, 
Unisys  Corp.  and  others  are 
expected  to  make  systems 
with  the  new  processors  avail- 


regulators  haven’t  specified 
what  kind  of  information 
they’re  looking  for  from  com¬ 
panies,  said  Groberg.  “You’re 
almost  working  in  the  dark  in 


able  during  or  soon  after  to¬ 
day’s  launch. 

Itanium  systems  haven’t  ap¬ 
peared  in  many  server  rooms 
because  of  the  lack  of  enthusi¬ 
asm  for  Intel’s  EPIC  (explicitly 
parallel  instruction  comput¬ 
ing)  instruction  set,  intro¬ 
duced  with  the  first  Itanium 
chip  in  May  2001. 

Many  companies  use  32-bit 
x86  server  processors  such  as 
Intel’s  Xeon,  but  some  are  de¬ 
ciding  that  they  need  to  take 
advantage  of  a  64-bit  proc¬ 
essor’s  ability  to  store  more 
data  in  memory,  as  well  as  the 
wider  general-purpose  regis¬ 
ters  that  allow  for  better  per¬ 
formance. 

But  in  order  to  run  applica¬ 
tions  on  Itanium,  users  must 
port  all  of  them  to  the  new  in¬ 
struction  set,  which  can  be  a 
time-consuming  process. 

Madison’s  increased  perfor¬ 
mance  will  be  an  incentive  to 


terms  of  what  you’re  going  to 
have  to  provide,”  he  said. 

Protiviti  said  its  SarbOx 
Portal  software  is  designed  to 
provide  users  with  a  process- 
based  approach  to  document¬ 
ing  and  evaluating  their  finan¬ 
cial  reporting  controls. 

The  software  is  being  of¬ 
fered  only  to  Protiviti’s  con¬ 
sulting  clients,  and  a  company 
spokesman  said  pricing  “is 
being  kept  confidential.”  I 


make  that  switch,  especially 
for  users  of  Microsoft  Corp.’s 
SQL  Server  database,  said 
Nathan  Brookwood,  principal 
analyst  at  Insight  64  in  Sarato¬ 
ga,  Calif.  “SQL  Server  has  real¬ 
ly  only  existed  on  the  32-bit 
Intel  Xeons,  and  databases  are 
the  horizontal  application  that 
benefit  the  most  from  64-bit 
architectures,”  said  Brook- 
wood.  “Anybody  who  is  using 
SQL  Server  on  Xeon  and  run¬ 
ning  out  of  gas  is  going  to  love 
this  processor.” 

Advanced  Micro  Devices 
Inc.  also  offers  an  alternative 
for  users  contemplating  a  64- 
bit  architecture.  The  Opteron 
processor,  launched  in  April, 
uses  64-bit  extensions  to  the 
x86  instruction  set  to  let  com¬ 
panies  keep  some  of  their  ap¬ 
plications  running  at  32  bits 
while  they  port  the  applica¬ 
tions  that  a  64-bit  architecture 
will  benefit  the  most.  I 


Krazit  and  McMillan  write  for 
the  IDG  News  Service. 


How  would  you  characterize  your  company’s 
understanding  of  the  Sarbanes-Oxley  Act? 


We  feel  confident 
we  have  a  grasp  of 
it,  but  we  have 
more  work  to  do 


We  have  a 
minimal  under¬ 
standing  and 
need  help. 


We’re  just 
now  getting 
our  bearings. 


Excellent;  we 
have  a  really  strong 
grasp  of  the  law. 


BASE:  An  online  poll  of  corporate  executives  who  took  part  in  a  June  26  webcast 
sponsored  by  Business  Finance  magazine;  a  total  of  292  responses  were  received. 


Intel  Hopes  Madison  Will  Boost  Itanium  Use 
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We’ve  always  made  your  applications  reliable.  Now  we  make  them  faster,  too. 
VERITAS  acquired  l  recise  Software,  the  leader  in  application  performance. 
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BRIEFS 


Microsoft  Blends 
Business  Units . . . 

Microsoft  Corp.  said  it  has  com¬ 
bined  its  Windows  server,  stor¬ 
age  software  and  developer  out¬ 
reach  organizations  into  a  single 
unit.  Eric  Rudder,  a  senior  vice 
president  who  had  been  in 
charge  of  the  developer  opera¬ 
tion,  will  head  the  merged  unit. 
The  company  also  named  Peter 
Cullen  chief  privacy  strategist, 
effective  July  14.  Cullen  is  now 
corporate  privacy  officer  at  Roy¬ 
al  Bank  of  Canada  in  Toronto. 


. . .  And  Warns  of 
Windows  Flaws 

Microsoft  warned  of  two  newly 
discovered  security  vulnerabili¬ 
ties,  including  one  that  involves 
the  Windows  Media  Services  fea¬ 
ture  in  server  versions  of  Win¬ 
dows  2000.  Microsoft  gave  the 
flaw  an  “important”  severity  rat¬ 
ing  and  said  attackers  could  use 
it  to  run  malicious  code  on  un¬ 
protected  systems.  The  other 
hole  is  in  Microsoft’s  Windows 
Media  Player  9  Series  software. 


SAP,  Oracle  to 
Resell  Adapters 

Information  Builders  Inc.’s  iWay 
Software  Inc.  unit  in  New  York 
said  SAP  AG  plans  to  resell  a 
software  adapter  that  connects 
SAP’s  NetWeaver  integration 
technology  to  the  UCCnet  prod¬ 
uct  data  synchronization  hub. 
Meanwhile,  Attunity  Ltd.  in 
Wakefield,  Mass.,  said  Oracle 
Corp.  will  resell  a  set  of  adapters 
that  link  its  Oracle9i  Application 
Server  software  to  mainframes. 


Short  Takes 

GEAC  COMPUTER  CORP.  in  Mark¬ 
ham,  Ontario,  said  it  has  agreed 
to  buy  COMSHARE  INC.,  a  devel¬ 
oper  of  corporate  planning  and 
budgeting  software  in  Ann  Arbor, 
Mich.,  for  S52  million  (U.S.)  in 
cash. . . .  ADVANCED  MICRO 
DEVICES  INC.  said  it  will  report 
lower-than  expected  sales  for 
the  second  quarter. 


NY  Hospitals  Part 
Ways  on  ft  Tap  IBM 


Outsourcing  deals 
to  separate  systems, 
tech  strategies 

BY  BOB  BREWIN  AND 
JUAN  CARLOS  PEREZ 

IBM  last  week  announced 
that  it  has  signed  con¬ 
tracts  to  manage  the  core 
computing  systems  of 
three  New  York  hospitals, 
which  are  using  the  deals  to 
dismantle  a  shared  IT  unit  so 
each  facility  can  set  its  own 
technology  direction. 

The  agreements  with  Mount 
Sinai  Hospital,  New  York  Uni¬ 
versity  Medical  Center  and 
NYU  Downtown  Hospital  go 
into  effect  this  week  and  have  a 
combined  value  of  $380  million 
over  the  next  10  years,  IBM 
said.  Together,  they  represent 
the  largest  hospital  IT  out¬ 
sourcing  deal  the  company  has 
won  thus  far. 

The  three  hospitals  began 
consolidating  their  IT  depart¬ 
ments  in  1998,  when  they  were 
combined  under  a  nonprofit 
holding  company  called  Mount 
Sinai  NYU  Health.  They  now 
share  a  data  center  at  a  Mount 
Sinai  building  in  Manhattan. 

During  the  next  18  months, 
IBM  will  transfer  applications 
from  that  data  center  to  redun¬ 
dant  facilities  it  owns  on  Staten 
Island  and  in  Rochester,  N.Y. 
Dave  Liederbach,  vice  presi¬ 
dent  of  IBM’s  health  care  in¬ 
dustry  unit,  said  the  company 
will  host  all  of  the  clinical  and 
business  applications  for  the 
three  hospitals  and  provide 
disaster  recovery  and  business 
continuity  capabilities.  “We’re 
basically  facilitating  a  restruc¬ 
turing  and  separation  of  their 
IT  infrastructure,”  he  said. 

Richard  Donoghue,  senior 
vice  president  of  strategy  and 
business  development  at  NYU 
Medical  Center,  said  the  IT  re¬ 
quirements  of  the  three  hospi¬ 
tals  have  started  to  diverge. 
“The  demands  placed  on  the 
IT  department  by  the  hospitals 


were  pulling  the  IT  leadership 
in  different  directions  and  cre¬ 
ating  problems,”  he  said. 

For  example,  Donoghue 
said,  NYU  Medical  Center 
wants  to  carry  out  an  IT  devel¬ 
opment  plan  at  its  own  pace 
and  according  to  its  own  prior¬ 
ities,  without  having  to  coordi¬ 
nate  projects  with  Mount  Sinai 
Hospital.  Each  hospital  also 
wants  to  set  an  independent 
strategy  for  meeting  the  priva¬ 
cy  requirements  of  the  Health 
Insurance  Portability  and  Ac¬ 
countability  Act,  he  added. 

The  hospitals  expect  IBM  to 
split  the  IT  infrastructure  into 
three  entities  by  mid-2005,  ac¬ 
cording  to  Donoghue.  About 
340  of  the  500  staffers  in  the 
shared  IT  department  will  be 
shifted  to  IBM,  he  said.  Other 
workers  will  be  assigned  to 
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Siemens  Rollout  Encrypts 
Medical  E-mail  Messages 


Tool  will  help  ensure 
HIPAA  compliance 

BY  BOB  BREWIN 

Siemens  AG’s  health  care  tech¬ 
nology  unit  today  plans  to  in¬ 
troduce  a  secure  messaging 
system  designed  to  ensure  that 
electronic  communications  be¬ 
tween  patients  and  their  doc¬ 
tors  and  between  physicians 
and  hospitals  comply  with 
data  privacy  laws. 

Sue  Merk,  director 
of  community  innova¬ 
tions  at  Erlangen,  Germany- 
based  Siemens  Medical  Solu¬ 
tions,  said  the  new  system 
supports  the  Advanced  En¬ 
cryption  Standard  and  is  built 
around  technology  from  Sigaba 
Corp.,  a  subsidiary  of  Secure 
Data  In  Motion  Inc.  in  San 
Mateo,  Calif. 

The  software  can  scale  from 
small  medical  practices  to  the 
largest  hospitals,  Merk  said.  It 


uses  a  rules-based  engine  to 
check  e-mail  and  instant  mes¬ 
sages  for  any  personally  iden¬ 
tifiable  information  about 
patients,  in  keeping  with  the 
requirements  of  the  Health 
Insurance  Portability  and 
Accountability  Act  (HIPAA). 

Messages  that  have  such 
data  are  then  encrypted.  End 
users  can  access  encrypted 
e-mail  by  typing  in  a  user 
name  and  password,  which 
activates  a  Sigaba- 
developed  secure  key 
server.  The  system  can 
also  be  beefed  up  to  require 
the  use  of  biometric  identifiers 
such  as  thumbprints,  Merk  said. 

Alegent  Health,  an  Omaha- 
based  nonprofit  health  care 
company  that  operates  eight 
hospitals  and  100  medical  clin¬ 
ics,  has  signed  on  to  use  the 
new  messaging  system.  Ken 
Lawonn,  vice  president  of  IT 
at  Alegent,  said  the  company 
views  e-mail  as  an  effective 


the  individual  hospitals,  partly 
to  help  manage  their  outsourc¬ 
ing  relationships  with  IBM. 

Liederbach  said  he  doesn’t 
know  how  many  applications 
IBM  will  host  and  support  in 
total,  but  he  noted  that  it 
could  “run  into  the  hundreds.” 

Although  the  outsourcing 
contracts  are  separate,  they 
share  one  important  element: 
the  creation  of  improved  dis¬ 
aster  recovery  capabilities. 

The  move  to  set  up  redundant 
data  centers  is  designed  to  en¬ 
sure  continuity  of  IT  opera¬ 
tions  in  the  event  of  a  natural 
disaster  or  an  incident  like  the 
Sept.  11  terrorist  attacks. 

The  attacks  in  2001  de¬ 
stroyed  NYU  Medical  Center’s 
data  center,  which  was  near 
the  World  Trade  Center  com¬ 
plex.  It  took  the  hospital  three 
days  to  restore  its  critical  sys¬ 
tems,  whereas  the  contract 
with  IBM  stipulates  that  appli¬ 
cations  must  be  back  in  opera¬ 
tion  within  12  hours.  ft 


Perez  writes  for  the  IDG 
News  Service. 


way  to  do  business  but  also 
needs  to  ensure  that  it  com¬ 
plies  with  HIPAA. 

Alegent  has  5,000  e-mail 
accounts,  and  Lawonn  said  it 
plans  to  run  all  external  mes¬ 
sages  through  the  Siemens 
software.  He  added  that  he’s 
also  looking  to  use  the  system 
to  support  direct  forms  of 
communication,  including 
e-mail  billing  and  sending 
medical  records  to  patients. 

Alegent  installed  a  small 
HP/Compaq  server  to  run  the 
software  and  paid  an  upfront 
fee  of  about  $14,000.  Siemens 
will  bill  Alegent  on  a  per- 
message  basis  under  an  appli¬ 
cation  service  provider  con¬ 
tract,  Merk  said.  Doctors  who 
practice  at  Alegent  facilities 
pay  $10  per  month  for  unlimit¬ 
ed  access  to  the  messaging  sys¬ 
tem  via  a  PC  plug-in. 

Lawonn  said  Alegent  em¬ 
ployees  would  have  to  send 
more  than  1  million  messages 
each  year  —  a  total  that  isn’t 
realistically  possible  now  — 
before  the  company  would 
need  to  consider  buying  the 
Siemens  software  outright.  I 
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SO  HOW  ARE  YOU 
SUPPOSED  TO  GROW  REVENUE? 

The  answer  is  integration.  TIBCO  Software's  proven 
integration  solutions  will  help  your  company  cut 
costs  while  increasing  the  capability,  agility  and  effi¬ 
ciency  of  your  business.  By  unifying  and  optimizing 
your  existing  assets — people,  processes  and  legacy 
systems — you  can  do,  more  with  what  you  already 
have.  And  do  it  better. 

TIBCO  gives  you  the  benefits  of  real-time  business, 
getting  information  where  and  when  it's  needed  and 
coordinating  activities  end-to-end.  You'll  automate 
processes,  while  giving  people  the  information  to 
make  better  decisions  and  act  more  quickly.  It's  what 
we  call  The  Power  of  Now™  Our  unbiased  approach, 
proven  technology  and  easily-deployed  integration 
solutions  will  help  you  grow  your  business  even  in 
today's  difficult  environment. 


TIBCO  is  the  leading  independent 
integration  software  provider. 


Delta  Air  Lines,  NASDAQ  and  Pirelli  are  among  more 
than  2,000  leading  companies  we've  helped  to  cut 
costs  and  drive  revenue.  Learn  how  we  can  help  your  company  do 
more  with  less.  Call  800-420-8450,  or  visit  us  at  www.tibco.com/cwb 


■TIBCO 

The  Power  of  Nov/” 
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Continued  from  page  1 

SOAP 

week  that  Version  1.2  of  SOAP 
—  a  key  foundation-level  tech¬ 
nology  for  companies  building 
Web  services  —  has  achieved 
“recommendation”  status. 

Recommendation  status 
means  SOAP  1.2,  a  set  of  rules 
for  exchanging  structured  in¬ 
formation  among  systems  or 
organizations,  is  a  fully  vetted 
standard  that  has  gone  through 
a  rigorous  public-review  proc¬ 
ess  and  substantive  interoper¬ 
ability  testing. 

By  contrast,  SOAP  1.1  was  a 
de  facto  standard  that  was  nev¬ 
er  vetted  by  the  W3C  or  any 
other  standards  body,  said  Don 
Deutsch,  vice  president  of  stan¬ 
dards  strategy  and  architecture 
at  Oracle  Corp.  and  a  member 
of  the  W3C  Advisory  Board. 

The  W3C’s  XML  Protocol 
Working  Group,  which  was  re¬ 
sponsible  for  SOAP  1.2,  identi- 


Continued  from  page  1 

Outsourcing 

is  the  dominant  trend  in  the 
IT  services  industry,  with  42% 
of  the  application  manage¬ 
ment  contracts  now  having 
some  offshore  component.  A 
big  reason  is  cost. 

Bob  Walters,  IT  director  at 
supply  chain  system  provider 
Intermec  Technologies  Corp. 
in  Everett,  Wash.,  surveyed  de¬ 
velopment  costs  recently  at  an 
SAP  AG  user  conference.  He 
determined  that  U.S.  compa¬ 
nies  are  charging  $80  to  $120 
per  hour  for  programming 
work,  while  the  fee  for  off¬ 
shore  providers  is  about  $40. 

When  you  can  pay  a  third 
of  the  price,  offshore  is  “some¬ 
thing  that  has  to  be  consid¬ 
ered,”  said  Walters. 

As  offshore  business  grows, 
so  does  competition  for  it.  Pi¬ 
oneering  India-based  offshore 
companies,  such  as  Tata  Sons 
Ltd.,  are  facing  increasing 
competition  from  the  large 
U.S.  IT  consulting  firms.  Ac¬ 
centure  CEO  Joe  W.  Forehand, 
who  spoke  at  the  Gartner  con¬ 
ference,  compared  the  trend  to 
r.he  previous  exodus  from  the 
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fied  and  resolved  more  than 
400  technical  and  editorial  is¬ 
sues  raised  about  the  prior 
version.  The  group  later 
tracked  seven  SOAP  1.2  imple¬ 
mentations  from  various  W3C 
member  organizations  and  in¬ 
dependent  developers  to  en¬ 
sure  their  interoperability. 

SOAP  1.2  provides  a  more 
precise  description  of  the 
processing  model  and  removes 
ambiguities  that  sometimes 
led  to  interoperability  prob¬ 
lems  for  those  trying  to  imple¬ 
ment  Version  1.1,  said  David 
Fallside,  chairman  of  the 
W3C’s  XML  Protocol  Working 
Group  and  a  senior  technical 
staff  member  at  IBM. 

“By  providing  the  process¬ 
ing  model  in  greater  detail  and 
expanding  the  scope  of  cases 
that  it  covers,  you  significantly 
reduce  the  chances  that  two 
different  people  sent  off  to  im¬ 
plement  the  specification 
would  come  up  with  imple¬ 
mentations  that  are  not  inter- 


U.S.  of  many  manufacturing 
operations.  “The  way  we  look 
at  it,  the  industrialization  of 
IT  is  a  reality,  and  we  have  to 
embrace  that,”  he  said. 

Competition  is  also  becom¬ 
ing  more  global.  In  the  vendor 
exhibit  hall,  Bamboo  Ne  tworks 
Ltd.’s  mere  presence  raised 
eyebrows.  Some  rivals  said  it 
was  the  first  China-based  out¬ 
sourcer  to  set  up  a  booth  at  a 
U.S.  outsourcing  conference. 

China  is  considered  some- 


SOAP  1.2 


■  Clarifies  processing  model 

■  Provides  better  integration 
with  XML  standards 

■  Is  protocol-independent 

■  Allows  performance  opti¬ 
mization,  because  it's 
based  on  XML  Infoset 

operable,”  Fallside  said. 

But  it’s  unclear  when  ven¬ 
dors  will  adopt  SOAP  1.2. 
Deutsch  said  Oracle  is  com¬ 
mitted  to  supporting  the  stan¬ 
dard,  but  he  couldn’t  say  when 
that  will  happen  because  “to 
do  anything  meaningful”  with 
SOAP,  most  tool  kits  depend 
on  another  standard,  the  Web 
Services  Description  Lan¬ 
guage  (WSDL).  The  W3C  is 
still  working  on  WSDL  1.2. 
Deutsch  said  it  will  take 
“some  time”  for  vendors  to 
fully  support  all  the  features 
of  SOAP  1.2,  so  during  the 


thing  of  a  sleeping  giant  in  the 
offshore  world  that  isn’t  quite 
ready  to  compete  with  India. 
China  “represents  the  next 
wave”  in  offshore  outsourcing, 
said  Traci  Gere,  an  IDC  analyst. 

Rajesh  Rao,  chief  operating 
officer  at  Hong  Kong-based 
Bamboo,  which  operates  an 
offshore  development  center 
in  Guangzhou,  China,  said  the 
company  believes  it  has  devel¬ 
oped  its  offshore  processes 
sufficiently  to  compete  for 


transition  period,  SOAP  1.1 
will  co-exist  with  SOAP  1.2. 

Jason  Bloomberg,  an  analyst 
at  ZapThink  LLC  in  Waltham, 
Mass.,  said  he  thinks  it  will 
take  a  year  or  two  for  SOAP 
1.2  to  work  its  way  into  prod¬ 
ucts.  In  the  meantime,  “ven¬ 
dors  and  end  users  are  going 
to  be  annoyed  at  times  at  the 
fact  that  there  are  two  [ver¬ 
sions  of  SOAP],”  he  said.  But 
he  added  that  work  is  ongoing 
in  the  Web  Services  Interoper¬ 
ability  (WS-I)  Organization  to 
create  profiles  on  how  to  use 
standards  such  as  SOAP. 

Users  will  have  to  wait  for 
SOAP  1.2’s  improvements, 
such  as  protocol-agnosticism. 
SOAP  1.1  confined  users  to 
sending  messages  over  HTTP, 
but  with  1.2,  they  will  be  able 
to  choose  other  protocols, 
such  as  SMTP,  TCP/IP,  BEEP 
(the  Blocks  Extensible  Ex¬ 
change  Protocol)  and  IBM’s 
MQSeries,  Fallside  said. 

“We  expect  a  lot  of  people 


U.S.  customers. 

One  user  of  offshore  ser¬ 
vices,  Sudhir  Agarwal,  senior 
manager  of  architecture  and 
services  at  Verizon  Communi¬ 
cations  in  New  York,  said  In¬ 
dia’s  talent  pool,  its  populace’s 
proficiency  with  English  and 
the  country’s  U.S.  connections 
will  ensure  India  a  dominant 
role  for  years  to  come.  But 
China’s  emergence  “is  good 
for  companies  in  the  U.S.,” 
Agarwal  added.  I 


will  flow  XML  messages  over 
HTTP,  so  there  is  an  HTTP 
binding  for  SOAP.  But  you 
don’t  have  to  use  it,”  he  said. 

Bloomberg  said  HTTP  was 
never  designed  for  system- 
to-system  communications. 
“HTTP  was  really  designed 
for  hypertext.  HTTP  is  syn¬ 
chronous,  and  it’s  not  secure. 
It’s  not  reliable,”  he  said.  “So 
it’s  definitely  good  to  support 
other  protocols  for  different 
uses,  whether  it’s  message 
queuing  protocols  or  asyn¬ 
chronous  messaging  protocols 
of  other  kinds.” 

Division  of  Labor 

The  W3C  group  working  on 
SOAP  1.2  split  the  specifica¬ 
tion  into  two  parts  —  essential 
SOAP  (which  includes  the 
processing  model,  the  extensi¬ 
bility  framework  and  the  mes¬ 
sage  construct),  and  optional 
elements,  such  as  the  rules  for 
representing  a  remote  proce¬ 
dure  call  (RPC),  encoding 
SOAP  and  describing  an 
HTTP  binding.  Fallside  said 
the  separation  breaks  the  old 
perception  that  SOAP  is  mere¬ 
ly  RPC  over  HTTP. 

Another  key  change  in 
SOAP  1.2  is  that  it’s  based  on 
the  XML  Information  Set, 
which  provides  a  way  of  de¬ 
scribing  the  information  con¬ 
veyed  in  an  XML  document. 
By  contrast,  pointy  brackets 
were  paramount  with  SOAP 
1.1,  which  was  based  on  XML 
1.0  serialization,  Deutsch  said. 

“The  upshot  is  more  flexi¬ 
bility  in  the  representation  of 
messages,  so  you  can  tailor  or 
customize  for  your  applica¬ 
tion/business  requirements,” 
he  said. 

Fallside  said  this  will  be 
helpful  for  companies  that 
need  to  send  more  compact 
messages  between  applica¬ 
tions  via  an  extremely  low- 
bandwidth  connection.  He 
said  he  expects  that  most 
companies  will  still  use  XML 
representations,  since  that  will 
allow  them  to  use  off-the-shelf 
tools  and  applications.  I 


BASIC  PROFILE 

The  WS-I  Organization  will  consider  incorpo¬ 
rating  SOAP  1.2  into  its  Basic  Profile: 
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LOS  ANSELES 


According  to  Gartner  Inc.,  busi¬ 
ness  process  outsourcing  (BP0) 
is  on  the  rise,  with  outsourcing 
of  the  human  resources  compo¬ 
nent  expected  to  grow  the 
fastest.  Approximately  85%  of 
U.S.  companies  will  outsource 
one  or  more  human  resources 
functions  in  the  near  future,  with 
payroll  processing  often  being 
the  first  step. 

Key  to  any  successful  out¬ 
sourcing  relationship  is  the  abili¬ 
ty  to  measure  the  cost  of  provid¬ 
ing  existing  services,  said  Gart¬ 


ner  analyst  Rob  Brown. 

Another  hot  BP0  area  is  in¬ 
surance.  Liberty  Insurance  Ser¬ 
vices  Corp.,  a  subsidiary  of 
Toronto-based  Royal  Bank  of 
Canada,  is  one  provider. 

Its  insurance  BP0  work  can 
involve  a  combination  of  off¬ 
shore  and  onshore  development, 
said  Ted  Coia,  vice  president  of 
the  Greenville,  S.C.-based  sub¬ 
sidiary.  But  customer  data  stays 
in  the  U.S.  An  offshore  center 
may  see  a  policy  image  that  re¬ 
quires  data  entry,  but  that's  the 
extent  of  the  interaction.  Regula¬ 


tors  don’t  like  insurance  data  to 
go  offshore,  he  said. 

insurance  BP0  covers  a 
range  or  services,  including 
transaction  and  claims  process¬ 
ing,  any  kind  of  data  entry,  un¬ 
derwriting  and  policy  administra¬ 
tion.  Gartner  expects  the  insur¬ 
ance  BP0  market  to  increase 
from  $6.8  billion  this  year  to 
$8.9  billion  by  2005. 

Human  resources  outsourcing 
services  are  expected  to  reach 
$46  billion  this  year  and  $51  bil¬ 
lion  next  year,  Gartner  said. 

-  Patrick  Thibodeau 


Server  blades  engineered  to  work 
across  complex  computing  environments. 


HP  ProLiant  server  blades,  powered  by  Intel®  Xeon™  processors,  are  designed  to  support  a  variety  of  robust  enterprise  solutions, 

including  SANs.  It  is  not  difficult  to  appreciate  the  architectural  excellence  of  the  new  HP  ProLiant  BL40p  and  BL20p  G2  server  blades.  They're  the  most  powerful,  flexible, 
industry-standard  blades  for  business  today.  In  addition  to  meeting  your  company's  expanding  needs  for  server  capacity,  they're  designed  with  SAN  connectivity  to  support 
sophisticated  storage  environments— easily,  reliably  and  affordably.  Combined  with  HP  ProLiant  Essentials  software,  they  can  dramatically  reduce  deployment  time  and  help 
maximize  productivity.  Which  means,  of  course,  your  business  saves  money.  Demand  more  from  your  IT  systems.  Integrate  HP  ProLiant  server  blades  into  your  environment. 
And  carry  your  business  to  a  stronger,  more  cost-effective  place. 


XEON 


I  HP  ProLiant  BL20p  G2 

!  Up  to  two  Intel®  Xeon™  processors  DP  3.06  GHz 

I"  Available  with  three  10/100/1000  NICs  and 
one  management  NIC  plus  dual  2Gb  fibre 
channel  mezzanine  card 

-  Up  to  8GB  DDR  memory 

!  Optional  Rapid  Deployment  Pack 
I  software  allows  for  quick  multi-server  deployment 


Complements  ProLiant 
server  blades 


HP  MODULAR  SAN 
ARRAY  1000 


ProLiant  servers  and  the  MSA  1000 
have  been  engineered  to  work 
better  together.  To  safely  migrate 
data  in  a  SAN  environment,  simply 
remove  ProLiant  drives  and  insert 
them  into  the  MSA  1000. 


Demand  more  with  HP  ProLiant  server  blades.  Download  IDC's  white  paper,  "Enabling  Business  Agility  Through  ! 
at  www.hp.com/go/proliant55  or  dial  1-877-865-1161  and  mention  code  AAJA. 


Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2003  Hewlett-Packard  Development  Company,  L  P 
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Sun  Exec  Opposed  to 
Open-Source  Java 


Schwartz:  Current 
process  produces 
uniform  standard 

BY  CAROL  SLIWA 

SAN  FRANCISCO 

Jonathan  Schwartz,  executive 
vice  president  of  software  at 
Sun  Microsystems  Inc.,  spoke 
with  Computerworld  at  the 
company’s  recent  JavaOne  con¬ 
ference  here  about  the  possibil¬ 
ity  of  Java  becoming  an  open- 
source  technology  and  other 
issues.  Excerpts  follow: 

Should  Java  be  made  fully  open- 
source?  The  problem  with 
open-source  is  that  [victory] 
goes  to  volume,  and  that’s  evi¬ 


dent  in  the  Linux  community 
today  where  ISVs  [independent 
software  vendors]  are  qualify¬ 
ing  to  Red  Hat  and  abandoning 
everyone  else.  Why?  Because 
Red  Hat  has  volume. 

If  Java  were  open-source, 
Microsoft  could  take  it,  deliver 
it  as  they  saw  fit  and  drive 
a  definition  of  Java  that  was 
divergent  from  the  one 
that  the  [wider]  com¬ 
munity  wanted  to  be 
compatible  [with].  And 
to  the  victor  would  go 
the  spoils  of  that  nefari¬ 
ous  action. 

To  the  extraordinary 
credit  of  the  Java  Com¬ 
munity  Process  [JCP], 
we  have  a  uniform, 


compatible  standard  that  now 
spans  hundreds  of  millions  of 
devices.  You  have  to  really  be 
careful  in  understanding  the 
distinction  between  open- 
source  and  open  standards. 

An  IBM  executive  once  told  me 
those  two  terms  mean  the  same 
thing.  IBM  is  dead  wrong,  and 
I  also  think  that  IBM  is  some¬ 
what  duplicitously  straddling 
that  gap  for  its  own  benefit, 
exploiting  the  open-source 
community  on  the  one  hand 
and  then  on  the  other 
hand  trying  to  derive  a 
proprietary  advantage 
from  its  implementa¬ 
tions  of  open-source 
products. 

Did  IBM  talk  to  you  before 
including  its  proprietary 
graphical  user  interface 
technology,  the  Standard 


Widget  Toolkit  (SWT),  in  its  open- 
source  Eclipse  platform?  No. 

And  I  think  what  they’ve  done 
with  SWT  violates  really  what 
you  would  want  to  do  with  the 
Java  platform.  No  one  wants 
“write  once,  run  on  this  oper¬ 
ating  system.”  IBM  has  a  lot  of 
weight,  and  they  don’t  like  the 
JCP,  I  think  in  part  because 
they  can’t  throw  their  weight 
around.  They  are  just  one 
voice  of  many. 

Sun  gave  all  of  the  keynotes  at 
JavaOne.  Why  did  other  key  Java 
vendors  have  such  a  small  pres¬ 
ence?  You’ll  notice  that  no¬ 
body  from  Sim  got  up  and 
really  talked  about  Sun  prod¬ 
ucts.  We  talked  about  the 
health  of  the  [Java]  community 
as  probably  the  company  that 
has  the  single  biggest  vested 
interest  in  its  success.  I  think 
that  the  folks  who  came  to 


JavaOne  wanted  that. 

Some  attendees  noted  IBM’s  near 
absence.  I  think  it’s  an  obvious 
absence.  Microsoft  wasn’t 
here,  either. 

No  one  would  have  expected 
Microsoft.  Now  that  we’ve  set¬ 
tled  the  Java  issue  with  re¬ 
spect  to  distribution,  that’s  no 
longer  an  issue  for  Microsoft 
to  manage  explicitly.  Who 
knows?  Maybe  we’ve  got  some 
partnering  opportunities  with 
Microsoft.  We  do  have  a  com¬ 
mon  competitor  in  the  form  of 
IBM. ...  If  they  would  abide 
by  the  contract,  we  would  love 
to  work  with  them,  i 


MORE  ONLINE 

To  read  more  of  Schwartz's  thoughts  about 
Java,  go  to  our  Web  site: 

QuickLink  39294 
www.computerworidl.com 


YOU  CAN  PAY  FOB  A 
BUSINESS  SOLUTION. 

IF  YOU’D  LIKE.  I  PREFER 

ONE  THAT  BASICALLY 

PAYS  FOR  ITSELF. 


Shrinking  budgets  present  you  with  difficult  challenges,  like  “How  on  earth  do  I 
do  more  with  less?”  Answer:  with  new  packaged  solutions  from  SAP.  Based  on  industry 
best  practices  (and  our  30  years’  experience),  these  preconfigured  solutions  address 
specific  problem  areas  within  your  organization.  And  because  implementation  is  simpler, 
you  see  quicker  ROI.  Learn  more  about  our  new  packaged  solutions.  And  how  affordable 
they  really  are.  Visit  sap.com/packaged  or  call  800  880  1727  for  more  details. 
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A  Premier  100  IT  Leader  Is: 

•  An  Innovative  Problem  Solver  Who 
Utilizes  the  Latest  Developments 
in  Technology 

•  An  Effective  Implementer  of  IT 
Strategies 

•  A  Technology  Visionary  Who 
Recognizes  New  Trends  and 
Directions 

•  A  Creative  Thinker  Who  Fosters  a 
Dynamic  Work  Environment 

•  A  Key  Technology  Contributor  to 
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•  A  Driving  Force  in  Their  Organization 
Who  Introduces  State-Of-The-Art 
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Beating  the  Odds 


At  a  time  when  good  news  about 
IT  is  as  unexpected  as  a  winning  lot¬ 
tery  ticket,  our  story  about  Hilton  Ho¬ 
tels’  daredevil  infrastructure  upgrade 
is  quite  a  standout  (see  story,  page  25). 
It  makes  for  especially  welcome  reading  in  the 


wake  of  the  latest  re¬ 
search  decrying  the  drea¬ 
ry  state  of  successful  IT 
project  completions. 

In  a  survey  of  some 
2,000  companies  (more 
than  800  of  them  in  the 
Fortune  1,000),  The 
Hackett  Group  in  Atlanta 
found  that  unless  a  com¬ 
pany  is  among  the  top 
25%  of  technology  users, 
three  in  10  IT  projects  fail 
on  average,  and  that  less 
than  40%  of  IT  managers  have  any 
faith  that  their  departments  can  re¬ 
act  quickly  enough  to  changing 
business  goals.  On  top  of  this,  less 
than  half  of  companies  even  bother 
to  validate  an  IT  project’s  business 
value  after  it  has  been  completed 
[QuickLink  39300]. 

How  many  of  these  depressing 
studies  and  statistics  have  you  read 
in  recent  years?  Yeah,  I’ve  lost  count 
too.  The  problem  with  them  is  how 
little  they  contribute  to  actually  solv¬ 
ing  any  of  the  real-world  problems 
associated  with  complex  IT  projects. 

That’s  what  I  found  so  riveting  in 
reporter  Gary  H.  Anthes’  account  of 
Hilton’s  megaoverhaul  of  its  Unix 
client/server  system.  It’s  an  honest, 
warts-and-all  look  inside  a  massive 
infrastructure  upgrade  —  one  that’s 
been  slogging  away  during  the  most 
prolonged  downturn  in  IT  history. 
Your  company  may  not  be  the 
world-famous  Hilton  chain,  but  the 
problems  encountered  and  solved 
by  its  IT  group  will  still  resonate 
with  familiarity. 

“We  had  every  platform  and  oper¬ 
ating  system  under  the  sun,”  says 
Damien  Bean,  Hilton’s  vice  presi¬ 
dent  of  corporate  systems.  He  also 


editor  in  chief  of  Compul- 
erworld.  You  can  contact 
her  a 


had  1,500  users  standing 
by  as  potential  front-line 
critics  as  the  IT  depart¬ 
ment  gambled  on  a  mi¬ 
gration  to  PeopleSoft  8, 
Microsoft  Windows 
2000  Server  and  SQL 
Server  2000  running  on 
Dell  servers. 

It  was  a  move  fraught 
with  risk  because  none 
of  those  vendors  had 
ever  played  together  on 
a  Field  as  large  as  the  one 
Hilton  provides.  “We  were  doing  en¬ 
gineering  that  no  one  had  ever  done 
before,”  Bean  noted.  He  took  advan¬ 
tage  of  that  —  as  the  biggest  cus¬ 
tomers  can  —  by  pushing  the  ven¬ 
dor  trio  to  prove  themselves.  Mi¬ 
crosoft,  Dell  and  PeopleSoft  each 
had  to  pony  up  the  people,  the  ex¬ 
pert  support  and  the  resources  nec¬ 
essary  to  make  this  unproven  three- 
tier  Web  architecture  work. 

Still,  it  didn’t  all  go  perfectly. 


That’s  the  nature  of  IT  projects. 

The  biggest  technology  snafu  hit 
on  the  first  day  of  switching  over  to 
the  new  payroll  system,  but  that 
high  level  of  vendor  attention  paid 
off.  The  latest  unpleasant  surprise 
has  more  to  do  with  industry  poli¬ 
tics  and  finance  than  technology: 
the  looming  threat  of  an  Oracle 
takeover  of  PeopleSoft. 

“What  I  have  told  everybody  here 
at  Hilton  —  and  I’ve  been  getting  a 
lot  of  calls  from  other  big  cus¬ 
tomers,  too  —  is  don’t  do  anything 
yet,”  Bean  told  us  last  week.  “Any 
decision  you  make  now  is  going  to 
be  lousy,  because  there’s  not  any 
good  information.”  But  he’s  confi¬ 
dent  that  whatever  happens  can  be 
handled. 

That’s  the  nature  of  IT  leadership. 

As  the  project  heads  into  its  final 
phase,  the  savings  are  already  in  the 
millions,  and  Hilton’s  controller  is 
enjoying  his  newfound  ability  to 
close  the  books  in  roughly  half  the 
time  he  once  did. 

IT  projects  will  always  be  targets 
of  criticism.  They’ll  always  be  a 
gamble  because  they  involve  such  a 
volatile  mix  of  people,  technology, 
business  and  politics.  But  done 
right,  as  at  Hilton,  they  can  be  better 
than  a  winning  lottery  ticket.  I 


Call  Centers 
Grow  Up 

COMPANIES  should  turn 
their  call  centers  into 
IT-equipped  intelli¬ 
gence  operations  designed  to 
provide  e-learning,  customer 
analysis  and  threat  detection. 

Best  Buy,  Starwood  Hotels  and  Con¬ 
tinental  Airlines  are  doing  just  that,  as 
if  to  disprove  the  notion  that  IT  is  his¬ 
tory.  They’re  using  an  intelligent  soft¬ 
ware  suite  from  Roswell,  Ga.-based 
Witness  Systems  Inc.  to  randomly 
record  both  voice  and  data  communi¬ 
cations  in  order  to  improve  customer 
service  and  the  bottom  line. 

For  example,  Continental’s  four  do¬ 
mestic  reservation  centers,  which  han¬ 
dle  about  60  million  calls  annually,  use 
IT  for  more  than  just  measuring  call 
levels.  The  airline  takes  the  technolo¬ 
gy  to  greater  heights,  integrating  the 
call  review  process 
with  IT  operations 
and  business  goals 
and  letting  manage¬ 
ment  at  company 
headquarters  in 
Houston  keep  an  eye 
on  things. 

This  enables  IT 
staffers  to  trouble¬ 
shoot  bugs  and  prob¬ 
lems  with  the  Web 
site  in  real  time, 
thanks  to  electronic 
buckets  in  which  reservation  agents 
(there  are  nearly  5,000)  place  cus¬ 
tomer  reports.  Since  the  IT  depart¬ 
ment  can  see  the  actual  keystrokes 
that  led  to  any  problems,  fixes  are 
made  more  quickly.  And  those  fixes 
are  also  less  expensive  to  execute,  be¬ 
cause  IT  personnel  don’t  have  to  fly  to 
a  reservation  center  in  the  hope  of 
seeing  a  recurring  glitch. 

The  system  also  helps  agents  group 
problems,  questions  and  concerns  ac¬ 
cording  to  criteria  the  airline  per¬ 
ceives  as  important. 

The  system  records  up  to  10  random 
calls  per  agent  per  month,  but  it  also 
lets  each  agent  flag  calls  for  examina¬ 
tion  by  a  supervisor.  For  example,  an 
agent  who  has  trouble  closing  sales 
can  select  calls  for  review  by  a  manag¬ 
er,  who  can  then  help  him  improve  his 
performance. 

And  in  Houston,  managers  can  log 
onto  the  Windows  NT  system  from 
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You’ve  stretched  every  budget  and  cut  every  bit  of  fat.  Or  have  you?  SAP  solutions  give  you  real-time 
visibility  of  information  across  your  entire  enterprise,  so  you  can  plug  the  leaks  in  your  supply  chain 
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The  Top  10  Critical  Challenges 
for  Business  Intelligence  Success 

More  than  half  of  all  BI  projects  fail  — 
make  sure  yours  isn’t  one  of  them 


Let’s  start  with  the  bad  news:  More  than 
half  of  all  Business  Intelligence  projects  are 
either  never  completed  or  fail  to  deliver  the 
features  and  benefits  that  are  optimistical¬ 
ly  agreed  on  at  their  outset.  While  there 
are  many  reasons  for  this  high  failure  rate,  the  biggest  is 
that  companies  treat  BI  projects  as  just  another  IT  proj¬ 
ect.  Face  it:  Business  Intelligence,  or  BI,  is  neither  a  prod¬ 
uct  nor  a  system.  It  is,  rather,  a  constantly  evolving  strat¬ 
egy,  vision  and  architecture  that  continuously  seeks  to 
align  an  organization’s  operations  and  direction  with  its 
strategic  business  goals. 


With  BI,  business  success  is  real' 
ized  through  rapid,  easy  access  to 
actionable  information.  This  access, 
in  turn,  is  best  achieved  through 
timely  and  accu- 
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rate  insight  into 
business  condi¬ 
tions  and  cus¬ 
tomers,  finances 
and  markets. 
Complex  stuff,  but  worthwhile. 
Successful  BI  brings  greater  prof¬ 
itability,  the  true  indicator  of  busi¬ 
ness  success.  And  success  is  never  an 


accident;  companies  achieve  it  when 
they  do  the  following: 

•  Make  better  decisions  with 
greater  speed  and  confidence. 

•  Streamline  operations. 

•  Shorten  their  product  develop¬ 
ment  cycles. 

•  Maximize  value  from  existing 
product  lines  and  anticipate  new 
opportunities. 

•  Create  better,  more  focused 
marketing  as  well  as  improved  rela¬ 
tionships  with  customers  and  suppli¬ 
ers  alike. 


Organizations  must  understand 
and  address  these  10  critical  chal¬ 
lenges  for  BI  success.  BI  projects  fail 
because  of: 

1.  Failure  to  recognize  BI  projects 
as  cross-organizational  business  ini¬ 
tiatives,  and  to  understand  that  as 
such  they  differ  from  typical  stand¬ 
alone  solutions. 

2.  Unengaged  business  sponsors 
(or  sponsors  who  enjoy  little  or  no 
authority  in  the  enterprise). 

3.  Unavailable  or  unwilling  busi¬ 
ness  representatives. 

4.  Lack  of  skilled  and  available 
staff,  or  sub-optimal  staff  utilization. 

5.  No  software  release  concept 
(no  iterative  development  method). 

6.  No  work  breakdown  structure 
(no  methodology). 

7.  No  business  analysis  or  stan¬ 
dardization  activities. 

8.  No  appreciation  of  the  impact 
of  dirty  data  on  business  profitability. 

9.  No  understanding  of  the  neces¬ 
sity  for  and  the  use  of  meta-data. 

10.  Too  much  reliance  on  disparate 
methods  and  tools  (the  dreaded  silver 
bullet  syndrome). 

In  this  white  paper,  we  examine 
each  of  these  challenges. 
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1.  Cross-Organizational 
Collaboration 

Traditionally,  any  business  initia¬ 
tive,  including  a  decision-support 
project,  was  focused  on  a  specific  goal 
that  was  limited  to  a  set  of  products 
or  an  area  of  the  business.  Due  to  this 
narrow  focus,  organizations  were 
unable  to  analyze  the  project’s  impact 
on  business  operations  as  a  whole.  As 
organizations  became  more  cus¬ 
tomer-focused,  these  initiatives 
began  to  integrate  customer  informa¬ 
tion  with  product  information. 

It  is  critical  to  realize  that  cus¬ 
tomers  and  markets,  not  manufactur¬ 
ing  plants  and  product  managers, 
must  drive  the  business.  It  is  also 
optimal  to  correct  any  customer 
problems  before  the  customer  real¬ 
izes  the  problem  existed.  Enterprises 
have  a  better  chance  to  achieve  high 


Customers  and  markets, 
not  manufacturing  plants 
and  product  managers, 
must  drive  the  business. 


customer  loyalty  if  customers  can  pay 
when  their  problem  is  solved  —  not 
when  the  product  is  shipped. 
Initially,  the  integration  occurred  in 
regional  or  departmental  databases, 
with  no  cross-regional  collaboration. 

Enterprise  data  warehouses  were 
the  next  step  in  the  evolution  toward 
cross-organizational  integration  of 
information  for  decision-support 
purposes  such  as  sales  reporting,  key 
performance  indicators  (KPIs)  and 
trends  analysis.  Customer  relation¬ 
ship  management  (CRM)  followed. 


bringing  the  promise  of  increased 
sales  and  profitability  through  per¬ 
sonalization  and  customization. 

BI  is  the  next  step  in  achieving  the 
holistic  cross-organizational  view 
(Figure  1).  It  has  the  potential  to 
deliver  enormous  payback,  but 
demands  unprecedented  collabora¬ 
tion.  Where  BI  is  concerned,  collabo¬ 
ration  is  not  limited  to  departments 
within  the  organization;  it  requires 
integration  of  knowledge  about  cus¬ 
tomers,  competition,  market  condi¬ 
tions,  vendors,  partners,  products  and 
employees  at  all  levels. 

To  succeed  at  BI,  an  enterprise 
must  nurture  a  cross-organizational 
collaborative  culture  in  which  every¬ 
one  grasps  and  works  toward  the 
strategic  vision. 

2.  Business  Sponsors 

Strong  business  sponsors  truly 
believe  in  the  value  of  the  BI  project. 
They  champion  it  by  removing  politi¬ 
cal  roadblocks.  Without  a  supportive 
and  committed  business  sponsor,  a  BI 
project  struggles  for  support  within 
an  organization  —  and  usually  fails. 

Business  sponsors  establish  prop¬ 
er  objectives  for  the  BI  application, 
ensuring  that  they  support  the  strate¬ 
gic  vision.  Sponsors  also  approve  the 
business-case  assessment  and  help 
set  the  project  scope.  If  the  scope  is 
too  large,  sponsors  prioritize  the 
deliverables. 

Specifically  for  BI  projects,  busi¬ 
ness  sponsors  should  also  launch  a 
data- quality  campaign  in  affected 
departments.  This  task  goes  to  busi¬ 
ness  sponsors  because  it’s  business 
users  who  truly  understand  the  data. 

Finally,  business  sponsors  should 
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SOURCE:  "Business  Intelligence  Roadmap  -  The  Complete  Project  Lifecycle  for  Decision-Support  Applications," 
By  Larissa  T.  Moss  and  Shaku  Atre.  Copyright  2003,  Addison-Wesley 
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run  a  project  review  session  at 
assigned  checkpoints  to  ensure  that 
BI  application  functionality  maps 
correctly  to  strategic  business  goals, 
and  that  its  return  on  investment 
(ROI)  can  be  objectively  measured. 

3.  Dedicated  Business 
Representation 

More  often  than  not,  the  primary 
focus  of  BI  projects  is  technical  rather 
than  business-oriented.  The  reason 
for  this  shortcoming:  most  BI  proj¬ 
ects  are  run  by  IT  project  managers 
with  minimal  business  knowledge. 
These  managers  tend  not  to  involve 
business  communities.  Therefore,  it’s 
not  surprising  that  most  projects  fail 
to  deliver  expected  business  benefits. 

It’s  important  to  note  that  usually 
20%  of  the  key  businesspeople  use  BI 
applications  80%  of  the  time. 
Therefore,  it’s  vital  to  identify  key 
business  and  technical  representa¬ 
tives  at  the  beginning  of  a  BI  project 
—  and  to  keep  them  motivated 
throughout  the  project.  A  BI  project 
team  should  have  involved  stakehold¬ 
ers  from  the  following  areas: 

Business  executives  are  the  visionar¬ 
ies  with  the  most  current  organiza¬ 
tional  strategies.  They  should  help 
make  key  project  decisions  and  must 
be  solicited  for  determining  the  pro¬ 
ject’s  direction  at  various  stages. 

Customers  can  help  identify  the 
final  goals  of  the  BI  system.  After  all, 
their  acceptance  of  products  or  serv¬ 
ice  strategies  is  what  matters  most. 

Key  business  partners  provide  a  dif¬ 
ferent  view  of  the  customer  and 
should  be  solicited  for  information  at 
the  start  and  on  an  ongoing  basis. 

The  Finance  department  is  responsi¬ 


ble  for  accounting  and  can  provide 
great  insight  into  an  organization’s 
efficiencies  and  improvement  areas. 

Marketing  personnel  should  be 
involved  during  all  phases  of  the  proj¬ 
ect  because  typically,  they  are  key 
users  of  BI  applications. 

Sales  and  Customer  Support  representa - 
fives  have  direct  customer  contact  and 
provide  customer  perspective  during 
a  BI  project.  They  must  have  repre¬ 
sentation  on  the  team. 

IT  supports  the  operational  sys¬ 
tems  and  provides  awareness  about 
the  backlog  of  BI  requests  from  differ¬ 
ent  groups.  In  addition  to  providing 


It's  vital  to  identify 
key  business  and 
technical  reps  at 
the  beginning  of  a  BI 
project  -  and  keep  them 
motivated  throughout. 


technical  expertise,  the  IT  staff  in  the 
BI  project  team  must  analyze  and 
present  Bl-related  requests. 

Operations  managers  and  staff  make 
tactical  business  decisions.  They  pro¬ 
vide  the  link  between  strategic  and 
operational  information,  making 
them  important  during  some  key 
phases  of  a  BI  project. 

4.  Availability  of  Skilled  Team 
Members 

BI  projects  differ  significantly 
from  others  because  at  their  outset, 
they  tend  to  lack  concrete,  well- 


defined  deliverables.  In  addition,  the 
business  and  technical  skills  required 
to  implement  a  BI  application  are 
quite  different  than  other  operational 
online  transaction  processing  (OLTP) 
projects.  For  example,  while  opera¬ 
tional  projects  normally  focus  on  a 
certain  area  of  the  business,  such  as 
enterprise  resource  planning  (ERP), 
CRM  or  supply  chain  management 
(SCM),  a  BI  project  integrates,  ana¬ 
lyzes  and  delivers  information 
derived  from  almost  every  area  of  the 
business  as  a  whole. 

The  required  technical  expertise 
varies  as  well;  typically,  for  example,  a 
database  administrator’s  focus  is  effi¬ 
cient  retrieval  of  data  using  OLTP  sys¬ 
tems.  By  contrast,  where  BI  systems 
are  concerned,  it’s  vitally  important 
to  focus  on  data  storage  in  addition  to 
data  retrieval. 

A  BI  project  team  lacking  BI  appli¬ 
cation  implementation  experience 
will  most  likely  fail  to  deliver  desired 
results  in  the  first  iteration.  Since 
most  BI  projects  have  aggressive  time¬ 
lines  and  short  delivery  cycles,  an 
inexperienced  and  unskilled  team  is  a 
risk  that  must  be  avoided. 

Mandatory  BI  project  skills 
include: 

•  BI  business  analysts  who  can 
perform  cause-and-effect  analysis  to 
develop  business  process  models  for 
evaluating  decision  alternatives. 
These  individuals  should  also  be  able 
to  perform  what- if  analysis  by  follow¬ 
ing  a  proven  BI  methodology. 

•  A  KPI  expert  experienced  in 
creating  balanced  scorecards.  These 
experts  must  be  able  to  identify  the 
KPIs  that  meet  business  needs,  calcu¬ 
late  and  report  them  and  monitor  per- 
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formance.  They  also  should  iteratively  | 
re-evaluate  KPI  effectiveness  and  ] 
must  integrate  these  KPIs  into  the  i 
balanced  scorecard. 

•  Balanced  scorecard  experts  to  j 

continuously  develop  and  fine-tune  | 

scorecards.  Measuring  success  in  a  j 

dynamic  business  environment  i 

requires  an  effective  toolset.  With  a  i 

balanced  scorecard,  an  organization’s  i 

vision  and  strategy  can  be  translated  j 

into  objectives,  targets,  metrics  — 
and  incentives  to  meet  those  objec-  i 
tives  and  targets. 

•  Data  warehouse  architects  ; 

with  experience  developing  Bl-relat-  j 

ed  logical  and  physical  data  models,  j 

including  both  star  schemas  and  i 

OLAP.  Ideally,  these  people  might  : 

also  have  experience  with  such  tech-  j 

nologies  as  statistical  tools  and  data-  j 

mining  algorithms. 

•  Cube  developers  and  imple-  I 
menters  with  experience  implement-  j 
ing  Bi-specific  data  models,  OLAP  i 
servers  and  queries.  These  individuals  j 
must  be  able  to  develop  and  deploy  | 
complex  and  intelligent  cubes  to  con-  ! 
duct  multi-dimensional  OLAP  analy-  i 
sis  for  different  users. 

•  Personalization  experts  expe-  j 

rienced  at  developing  Web-based  | 

generic  BI  applications  that  can  not  j 

only  meet  the  reporting  needs  of  j 

many  users,  but  also  provide  a  per-  ; 

sonalized  view  to  each  user. 

5.  BI  Application  Development 
Methodology 

To  succeed,  BI  projects  must  j 

adhere  to  a  plan  with  clearly  defined  j 

methodologies,  objectives  and  mile-  j 

stones.  In  this  respect,  they  are  hardly  I 

unique.  However,  unlike  other  under-  i 


Unlike  other  undertakings, 
BI  projects  aren't  limited 
to  a  set  of  departmental 
requirements. 


takings,  BI  projects  are  not  limited  to 
a  confined  set  of  departmental 
requirements.  Rather,  their  purpose 
is  to  provide  cross-organizational 
applications.  Therefore,  BI  method¬ 
ologies  and  deliverables  differ. 

Like  any  project,  BI  starts  out  by 
answering  some  basic  questions,  such 
as:  What  will  be  delivered?  What  are 
the  benefits  and  expected  ROI?  What 
is  the  total  cost?  When  will  it  be 
delivered?  Who  will  do  it?  The 
answers  collectively  define  the  BI 


project  as  follows: 

Project  deliverables  map  goals  to 
strategic  business  objectives.  These 
deliverables  should  be  measurable  in 
business  terms.  For  example,  “In 
order  to  increase  sales  20%,  the  sales 
data  merged  with  pipeline  data  must 
be  available  to  sales  teams  within 
three  days  of  month’s  end.” 

Project  scope  aligns  deliverables 
with  BI  application  deployment 
phases  and  timelines.  Unlike  tradi¬ 
tional  OLTP  applications,  the  number 
of  transactions  the  system  will  per¬ 
form  cannot  measure  BI  project 
scope.  Transactions  usually  represent 
an  organization’s  processes,  which  in 
turn  represent  functions.  Since  BI 
projects  are  data-intensive,  not  func¬ 
tion-intensive,  their  scope  must  be 
measured  by  the  data  they  will  trans¬ 
form  to  the  target  BI  databases,  and 


Figure  2 

BI  Project  Planning  Process 
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how  quickly  this  data  can  be  avail- 
able.  This  focus  on  data  is  necessary 
because  almost  80%  of  the  effort  in  a 
typical  BI  project  is  spent  on  data- 
related  activities. 

R 01  for  a  BI  project  must  be  deriv¬ 
able  from  project  deliverables.  Project 
sponsors  must  measure  the  effective¬ 
ness  of  delivered  BI  applications  after 
the  completion  of  each  phase  to 
determine  whether  the  project  is 
delivering  the  promised  ROI.  If  it 
isn’t,  improvements  must  be  made. 

6.  Planning  BI  Projects 

Due  to  the  nature  of  the  beast,  BI 
projects  tend  to  hit  more  unknowns 
than  OLTP  projects.  Why?  OLTP 
projects  implement  the  processes  of 
an  organization,  which  in  turn  repre¬ 
sent  the  functions.  By  contrast,  BI 
projects  are  supposed  to  provide  data, 
which  will  be  transformed  into  infor¬ 
mation,  which  in  turn  is  transformed 
into  action.  Therefore,  BI  project 
planning  is  not  a  one-time  activity, 
but  rather  an  iterative  process  in 
which  resources,  timelines,  scope, 
deliverables  and  plans  are  continu¬ 
ously  adjusted  (Figure  2). 

Although  it’s  an  iterative  process, 
the  initial  project  plan  must  be  creat¬ 
ed  with  as  much  detail  as  possible 
(Figure  3).  BI  project  planning  activi¬ 
ties  include: 

Determining  project  requirements.  As 
part  of  this  activity,  existing  high- 
level  data,  functionality  and  infra¬ 
structure  requirements  must  be 
reviewed  and  revised  to  include  more 
detail  and  remove  ambiguity. 

Determining  the  condition  of  source  files 
and  databases.  Before  completing  the 
project  plan,  operational  data  stores 


must  be  reviewed  to  account  for  any 
issues  that  may  surface  during  the 
data-analysis  phase. 

Determining  or  revising  cost  estimates. 
During  this  activity,  the  organization 
performs  detailed  analysis  to  deter¬ 
mine  purchase  and  maintenance  cost 
estimates  for  hardware,  software,  net¬ 
work  equipment,  business  analysts, 
IT  staff  members,  implementation, 
training  and  consultants. 

Determining  or  revising  risk  assessment. 
Enterprises  must  perform  a  detailed 
risk  assessment  in  order  to  accurately 
determine  and  rank  BI  project  risks 
(based  on  severity  and  the  likelihood 
of  their  occurrence). 


Identifying  critical  success  factors. 
Here  an  organization  determines 
what  conditions  must  exist  in  order 
for  the  project  to  succeed.  Factors 
include  supportive  business  sponsors, 
realistic  time  frames  and  the  availabil¬ 
ity  of  resources. 

Preparing  the  project  charter.  This  is  a 
detailed  memorandum  of  under¬ 
standing  that  should  be  prepared  by 
the  project  team  and  approved  by  the 
business  sponsor  and  key  business 
representatives. 

Creating  a  high-level  project  plan.  These 
are  detailed  breakouts  of  tasks, 
resources,  time  lines,  task  dependen¬ 
cies  and  resource  dependencies 


Figure  3 

Project  Planning  Activities 
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mapped  on  a  calendar. 

Kicking  off  the  project.  On  completion 
of  the  plan,  the  project  is  kicked  off  in 
an  orientation  session  at  which  all 
team  members,  business  representa¬ 
tives  and  the  BI  sponsor  are  present. 

7.  Business  Analysis  and  Data 
Standardization 

By  now  it’s  clear  that  Bl  projects 
are  data-intensive  and  that  “data  out” 
is  as  important  as  “data  in.”  It’s  crucial 
that  the  source  data  be  scrutinized. 
The  age-old  saying,  “Garbage  in, 
garbage  out,”  still  holds  true. 

In  most  BI  projects,  business 
analysis  issues  are  related  to  source 
data,  which  is  scattered  around  the 
organization  in  disparate  data  stores 
and  in  a  variety  of  formats.  Some  of 
the  issues  include: 

Identifying  information  needs.  Most 
business  analysts  have  challenges 
when  it  comes  to  identifying  business 
issues  related  to  BI  application  objec¬ 
tives.  They  must  evaluate  how 
addressing  these  issues  can  help  in 
obtaining  answers  to  business  ques¬ 
tions  such  as,  “Why  is  there  a 
decrease  in  sales  revenue  in  the  fourth 
quarter  on  the  West  Coast?”  Once  the 
issues  are  identified,  business  ana¬ 
lysts  can  easily  determine  related  data 
requirements,  and  these  require¬ 
ments  can  in  turn  help  identify  data 
sources  for  the  required  information. 

Data  merge  and  standardization.  The 
biggest  challenge  faced  by  every  BI 
project  is  its  team’s  ability  to  under¬ 
stand  the  scope,  effort  and  impor¬ 
tance  of  making  the  required  data 
available  for  knowledge  workers. 
That  data  consists  of  fragments  in 
disparate  internal  systems  and  must 


be  merged  into  a  common  data  ware¬ 
house  —  not  a  trivial  task.  Data 
requirements  normally  extend 
beyond  internal  sources,  to  private 
and  external  data.  Therefore,  data 
merge  and  standardization  activities 
must  be  planned  and  started  at  the 
beginning  of  the  BI  project. 

8.  Impact  of  Dirty  Data  on 
Business  Profitability 

Inaccurate  and  inconsistent  data 
costs  enterprises  millions.  It’s  imper¬ 
ative  to  identify  which  data  is  impor¬ 
tant,  then  find  out  how  clean  it  is. 
Any  dirty  data  must  be  identified,  and 
a  data-cleansing  plan  must  be  devel¬ 
oped  and  implemented. 


Dirty  data  must  be 
identified  and  a  data- 
cleansing  plan  must 
then  be  developed  and 
implemented. 


The  business  objectives  of  any  BI 
project  should  be  tied  to  financial 
consequences  such  as  lost  revenue 
and  reduced  profit.  The  financial  con¬ 
sequences  are  usually  the  result  of  a 
business  problem  related  to  inaccura¬ 
cies  in  reports  due  to  reliance  on 
invalid,  inaccurate  or  inconsistent 
data.  However,  most  BI  projects  fail  to 
tie  financial  consequences  to  dirty 
data  through  monetary  expressions 
(such  as  losing  $10  million  in  quarter¬ 
ly  revenue  due  to  the  enterprise’s 
inability  to  up-sell). 

Even  the  best  BI  application  will 


be  worthless  if  driven  by  dirty  data. 
Therefore,  it  is  important  for  every  BI 
project  to  employ  knowledgeable 
business  analysts  who  understand 
the  meaning  of  source  data  and  can 
ensure  its  quality. 

Underestimating  the  data-cleans- 
ing  process  is  one  of  the  biggest  rea¬ 
sons  for  BI  failure.  Inexperienced  BI 
project  managers  often  base  their 
estimates  on  the  number  of  technical 
data  conversions  required.  Project 
managers  also  fail  to  take  into 
account  the  overwhelming  number  of 
transformations  required  to  enforce 
business  data  domain  rules  and  busi¬ 
ness  data  integrity  rules. 

For  some  large  organizations  with 
many  old  file  structures,  the  ratio  of  a 
particular  data  transformation  effort 
can  be  expected  to  be  as  high  as  85°/o 
effort  in  data  cleansing  and  only  15% 
in  enforcing  technical  data  conver¬ 
sion  rules.  Therefore,  even  if  estimates 
appear  realistic  at  the  project’s  outset, 
you  must  factor  in  data-cleansing 
efforts.  Note  that  full-time  involve¬ 
ment  from  the  right  business  repre¬ 
sentatives  is  mandatory  for  data- 
cleansing  activity. 

9.  Importance  of  Meta-Data 

Clean  data  is  worthless  to  knowl¬ 
edge  workers  if  they  do  not  under¬ 
stand  its  context.  Valid  business  data, 
unless  tied  to  its  meaning,  is  still 
meaningless.  Therefore,  it  is  impera¬ 
tive  for  all  BI  applications  to  con¬ 
sciously  create  and  manage  the  mean¬ 
ing  of  each  data  element.  This  data 
about  data  is  known  as  meta  data, 
and  its  management  is  an  essential 
activity  in  BI  projects. 

Meta-data  describes  an  organiza 
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tion  in  terms  of  its  business  activities 
and  the  business  objects  on  which 
they’re  performed.  It  helps  transform 
business  data  into  information.  It  is 
imperative  for  every  BI  environment. 
For  example,  what  is  profit?  Does 
every  businessperson  have  the  same 
understanding  of  profit?  Is  there  only 
one  calculation  for  profit?  If  there  are 
different  interpretations  of  profit,  are 
all  interpretations  legitimate?  If  there 
are  multiple  legitimate  versions  of 
profit,  then  multiple  data  elements 
must  be  created,  each  with  its  own 
unique  name,  definition,  content 
rules  and  relationships.  All  this  infor¬ 
mation  is  meta-data. 

Meta-data  helps  businesspeople 
navigate  BI  target  databases  and 
helps  IT  manage  BI  applications. 
There  are  two  types  of  meta-data: 

•  Technical  meta-data  provides 
information  about  BI  applications 
and  databases,  and  assists  IT  staff  in 
managing  these  applications. 

•  Business  meta-data  provides 
business  users  with  information  on 
data  stored  in  BI  applications  and 
databases. 

Both  types  are  crucial  to  success 
and  should  be  mapped  to  each  other 
and  stored  in  meta  data  repositories. 

10.  The  Silver  Bullet  Syndrome 

There  is  neither  a  single  technolo¬ 
gy  nor  a  technique  that  will  resolve  all 
the  challenges  to  reach  the  goal  of  a 
successful  BI  environment.  That  is  to 
say,  there  is  no  silver  bullet. 

BI  projects  have  an  enormous 
scope  and  cover  multiple  environ¬ 
ments  and  technologies.  At  a  mini¬ 
mum,  a  BI  environment  comprises: 

•  A  tool  for  extracting,  trans¬ 


forming  and  loading  data  from  dis¬ 
parate  source  systems  into  the  BI  tar¬ 
get  data  warehouse. 

•  A  data  warehouse  that  stores 
historical  and  current  business  data, 
as  well  as  an  OLAP  server  that  pro¬ 
vides  analytic  services. 

•  Front-end  BI  applications  that 
are  used  to  provide  querying,  report- 


Valid  business  data,  unless 
tied  to  its  meaning,  is 
still  meaningless.  BI 
applications  must  create 
and  manage  the  meaning 
of  each  data  element. 


ing  and  analytic  functions  to  the  orga¬ 
nization’s  knowledge  workers. 

In  most  organizations,  these  BI 
components  are  implemented  in  dif¬ 
ferent  phases  and  by  project  teams. 
Each  team  implements  the  product 
that  meets  most  of  its  functional 
requirements.  More  tools  create 
greater  complexity  and  increased 
interoperability  issues,  and  require 


more  administration  involvement. 

BI  project  teams  must  always  con¬ 
sciously  strive  for  the  lowest  possible 
number  of  tools.  This  will  allow  dif¬ 
ferent  BI  activities  to  map  to  the  same 
overall  roadmap. 

Conclusion:  Maximizing  ROI 

BI  applications,  if  implemented 
efficiently  and  properly,  have  tremen¬ 
dous  payoff.  They  can  help  an  enter¬ 
prise  increase  its  business  agility, 
decrease  operating  costs  and  improve 
its  customer  loyalty  and  acquisition. 

And  in  most  cases,  these  improve¬ 
ments  bring  a  host  of  tangible  bene¬ 
fits  (better  customer  satisfaction, 
increased  revenue  and  profits,  cost 
savings  and  higher  market  share). 
Bottom  line:  a  successful  BI  project  is 
a  genuine,  often  dramatic,  improve¬ 
ment  to  any  organization. 

Ah,  but  there’s  that  word  again: 
successful.  As  we’ve  seen,  many  com¬ 
plex  factors  go  into  the  successful  BI 
project.  By  paying  attention  to  the  10 
critical  challenges  for  BI  success,  your 
enterprise  has  a  great  chance  to  com¬ 
plete  and  deliver  the  features  and 
benefits  agreed  upon  at  the  beginning 
of  the  project.  ❖ 
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Atre  is  president  of  Atre  Group  Inc.  in  Santa  Crux, 
California. 

Previously,  Atre  was  a  partner  with 
PriceWaterhouseCoopers  and  worked  at  IBM  for  14 
years.  Atre's  award-winning  book  on  database  man¬ 
agement  systems,  “Data  Base:  Structured 
Techniques  for  Design,  Performance  and 
Management"  (John  Wiley  and  Sons,  New  York),  has 
become  a  classic  on  the  subject.  Her  most  recent 
book  is  “Business  Intelligence  Roadmap  -  The  Complete  Project  Lifecycle 
for  Decision-Support  Applications, ”  by  Larissa  T.  Moss  and  Shaku  Atre 
(Addison-Wesley). 
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their  desktops  on  a  regular  basis  to 
look  for  recurring  problems  or  trends, 
and  to  measure  agent  service  and 
sales  performance.  They  can  also  as¬ 
sess  IT  operations  based  on  customer 
feedback. 

By  using  IT,  HR  management  was 
able  to  revamp  the  agent  review  proc¬ 
ess,  whittling  a  list  of  65  questions 
down  to  14  and  shifting  the  focus  of 
the  review  process  from  administra¬ 
tion  to  coaching  and  learning.  Conti¬ 
nental  has  also  restructured  its  train¬ 
ing  program  for  new  hires  to  reflect 
the  customer  service  issues  that  show 
up  in  the  call  center. 

Creative  application  of  IT  has  made 
it  possible  to  automate  and  link  a  vari¬ 
ety  of  customer  service  data,  making  it 
easier  to  provide  current  information 
about  flight  delays  or  fare  changes. 

Providing  an  online  evaluation  form 
makes  it  convenient  for  managers  to 
score  as  they  listen  to  recorded  calls. 
They  can  even  mark  calls  and  e-mail 
them  for  review  by  other  personnel. 

That’s  pretty  versatile  and  far  reach¬ 
ing  for  a  system  that  was  originally 
conceived  as  just  a  security  measure 
to  monitor,  capture  and  relay  threaten¬ 
ing  calls  within  real-time  parameters. 
In  today’s  world,  that  kind  of  vision 
and  those  kinds  of  results  mean  that 
IT  is  hardly  passe.  I 

DAN  GILLMOR 

Take  Another 
Look  at  Apple 

Every  once  in  a  while, 
corporate  IT  shops  have 
to  ask,  “Is  the  Mac  any 
more,  or  less,  worthy  for  the 
enterprise?” 

We  learned  some  useful  facts  about 
Apple  Computer’s  future  last  week  at 
the  company’s  annual  conference  for 
developers  in  San  Francisco.  At  the 
top  of  the  list:  Apple  isn’t  moving  to 
the  Intel  architecture  for  its  central 
processors,  but  it  is  beginning  to  shed 
a  hardware  albatross  in  a  smart  way. 

For  IT,  the  hardware  story  may 
prove  to  be  the  most  interesting.  Ap¬ 
ple  leapt  into  the  64-bit  era  when  it 
announced  a  new  line  of  computers 
based  on  IBM’s  PowerPC  970  micro¬ 
processors.  The  move  was  long  over¬ 
due  recognition  that  Motorola,  which 
has  been  Apple’s  PowerPC  supplier, 

'  has  lost  too  much  ground  in  power 
and  price  to  the  Intel  architecture  in 
recent  years.  Apple  is  still  using  Mo¬ 


torola  chips  on  lower-end 
machines  and  probably  will 
keep  doing  so  for  some 
time,  but  the  alliance  with 
IBM  strikes  me  as  Apple’s 
future. 

There’s  no  doubt  that  this 
hardware  is  a  big  step  for¬ 
ward.  It’s  not  just  a  faster 
CPU,  which  Apple  is  brand¬ 
ing  the  G5.  The  entire  sys¬ 
tem  offers  an  impressively 
advanced  architecture  that 
includes  faster  memory  and 
an  internal  bus  speed  that 
moves  the  Mac  ahead  of  the  competi¬ 
tion.  Apple  is  also  embracing  Univer¬ 
sal  Serial  Bus  2.0,  somewhat  surpris¬ 
ingly  given  its  pushing  of  FireWire, 
but  this  is  what  the  company  has  to  do 
in  today’s  world. 

All  that  won’t  be  enough  to  entice 
the  enterprise  for  routine  office  appli¬ 
cations.  You’re  unlikely  to  see  IT  de¬ 
partments  replacing  their  Windows 
desktop  computers  with  the  Power¬ 
Mac  G5,  due  to  ship  in  August.  Al¬ 
though  the  prices  are  quite  competi¬ 
tive  with  the  fastest  Intel-compatible 
machines,  they’re  way  more  costly 
than  the  slower  —  but  still  amply  fast 
—  PCs  running  Windows  or  Linux  for 
ordinary  office  work. 


However,  users  of  high- 
end  Macs  have  genuine 
incentives  to  upgrade. 
That’s  especially  true  for 
the  “creative  profession¬ 
als”  Apple  counts  as  a  core 
market.  These  folks  are 
sure  to  be  pleased.  Soft¬ 
ware  developers  are 
rewriting  their  applica¬ 
tions  to  take  advantage  of 
the  G5  (for  example, 

Adobe  is  reworking  Photo¬ 
shop),  but  32 -bit  applica¬ 
tions  should  run  without 
modification.  In  some  ways,  G5s  may 
be  attractive  as  replacements  for  some 
Unix  workstations. 

Apple  didn’t  announce  a  rack  server 
or  notebook  G5.  Expect  the  server  be¬ 
fore  the  notebook;  heat  issues  are  sure 
to  constrain  the  latter. 

The  software  story  is  mixed.  The 
next  version  of  the  Unix-based  operat¬ 
ing  system  —  Mac  OS  X  10.3,  code- 
named  Panther  —  is  being  delayed 
three  months  or  so.  Too  bad.  It’s  slick, 
with  plenty  of  usability  enhancements, 
such  as  vastly  better  search,  and  it 
looks  like  it  will  work  even  more 
smoothly  inside  Windows-oriented 
enterprises. 

But  Microsoft’s  increasingly  am¬ 


bivalent  attitude  toward  the  Mac  could 
become  a  problem.  Microsoft  is  killing 
development  of  Internet  Explorer  for 
the  Mac,  noting  (without  irony)  that 
Apple’s  developers  have  an  unfair  ad¬ 
vantage  in  developing  the  Safari 
browser  because  they  have  better  ac¬ 
cess  to  the  underlying  operating  sys¬ 
tem.  And  given  how  closely  inter¬ 
twined  the  Windows  version  of  Office 
is  becoming  with  the  operating  sys¬ 
tem,  it’s  likely  that  the  next  OS  X  ver¬ 
sion  of  Office  will  be  the  last. 

Apple  is  making  tentative  moves  to¬ 
ward  replacing  Office  with  its  own 
suite  of  applications,  such  as  the 
Keynote  presentation  software.  But 
Microsoft’s  never-ending  efforts  to 
lock  in  users  with  hard-to-decipher 
file  formats,  complex  macros  and  oth¬ 
er  tricks  will  remain  a  problem  for 
Mac  users,  and  thus  for  Apple  as  well. 
This  transition  will  be  tricky. 

Bottom  line  for  IT?  Apple  can  still 
make  a  case  in  the  enterprise,  targeting 
creative  types,  some  road  warriors  and 
some  server  applications,  and  it’s  clear¬ 
ly  not  running  short  on  innovation.  I 
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Revised  Opinion 

IN  THE  MAY  12  edition  of  Comput- 
erworld,  I  was  quoted  in  the  arti¬ 
cle  “Wading  Into  IP  Telephony” 
[QuickLink  38056]  as  saying, 
“Avaya's  not  as  focused  on  data  as 
Cisco  is. . . .  The  Cisco  user  inter¬ 
face  is  cleaner.”  While  this  may 
have  been  our  first  impression  at 
the  time  I  was  interviewed,  over  the 
past  six  months  our  network  ana¬ 
lysts  have  concluded  that  for  voice- 
over-IP  monitoring  and  manage¬ 
ment,  the  Avaya  Cajun  switches  are 
the  choice  performers.  Since  then, 
we  have  installed  over  75  Cajun 
switches  throughout  our  facilities, 
with  no  regrets. 

Thomas  Dunkerley 
IT  communications  manager, 
The  Seattle  Times, 
tdunkerley@seattletimes.com 


Human  Error 

Neil  Rasmussen  makes  some 
good,  practical  points  on  fa¬ 
cilities  management  [“Avoiding 
Data  Center  Blowups,”  QuickLink 


38121],  Surprisingly,  many  of  these 
involve  human  rather  than  technical 
factors  (for  example,  the  classic 
lack  of  coordination  between  con¬ 
struction  and  operations  staffs). 
These  problems  often  border  on 
the  absurd,  though  the  outcomes 
are  not  always  so  charming.  We 
have  had  maintenance  staff  who 
wedged  open  the  service  doors  be¬ 
fore  they  went  home  for  the  week¬ 
end,  and  locksmiths  who  put  new 
locks  on  the  wrong  side  of  these 
same  doors. 

Rasmussen’s  observations 
about  oversizing  power  and  cooling 
capacity  are  equally  apt.  I  once  had 
a  difficult  discussion  with  an  HVAC 
engineer  who  came  to  look  at  the 
new  heat  exchanger  in  a  small 
server  room.  Using  crude  arith¬ 
metic  examples,  the  engineer  tried 
to  explain  that  the  air  in  the  room 
had  to  recirculate  several  times  a 
minute  or  cooling  wouldn’t  be  ef¬ 
fective.  I  tried  to  explain  that  heat 
exchange  is  nonlinear  and  that  it 
sounded  like  most  of  the  energy  of 
the  2-horsepower  fan  was  in  any 
case  being  converted  into  tur¬ 


bulence.  It  was  clear  that  neither 
factor  had  occurred  to  him,  though 
they  proved  easy  to  demonstrate. 
By  simply  reversing  the  pulleys  so 
the  fan  would  run  slower,  we  saw 
the  room  temperature  fall  by  6 
degrees  Celsius.  All  this  is  a  re¬ 
minder  to  temper  our  natural  ten¬ 
dency  to  focus  attention  on  exotic 
hardware  and  fashionable  method¬ 
ologies  before  we  have  cultivated 
a  rational  grounding  in  how  things 
actually  work.  It  takes  a  little  longer, 
but  makes  a  lot  less  mess  along 
the  way. 

Dan  Razzell 

Starfish  Systems,  Vancouver, 
British  Columbia 


False  Security 

GARTNER’S  ADVICE  on  collect¬ 
ing  metrics  sounds  good  on  the 
surface,  but  you  can  count  only  the 
attacks  you  can  detect,  and  of 
those,  you  can  guess  their  effective¬ 
ness  or  ineffectiveness  based  only 
on  whether  your  security  tools  claim 
to  have  successfully  blocked  them 
[“IT  Managers  See  Need  for  Risk 


Metrics,”  QuickLink  38973].  If  the 
security  tool  knows  how  to  detect  a 
particular  type  of  attack,  then  it 
probably  knows  how  to  block  it  as 
well,  and  therefore  it  should  report 
100%  effectiveness.  Bill  Spernow, 
chief  information  security  officer  at 
the  Georgia  Student  Finance  Com¬ 
mission,  said  it  best  when  he  cau¬ 
tioned  that  these  numbers  can  give 
a  false  sense  of  security. 

Scott  B.  Hutchinson 
Network  administrator,  Office 
of  the  Sheriff  Contra  Costa 
County,  Martinez,  Calif. 
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MULTIDIMENS 


For  your  next  generation  of  applications, 
move  to  the  next  generation  of  database  technology: 
Cache,  the  post-relational  database. 

What  makes  Cache  “post-relational”?  It  provides 
developers  three  integrated  data  access  options  which 
can  be  used  simultaneously  on  the  same  data:  an 
advanced  object  database,  high-performance  SQL, 
and  rich  multidimensional  access. 

Because  Cache’s  architecture  is  a  multi¬ 
dimensional  structure,  applications  built  on  it  are 
massively  scalable  and  lightning- fast. 

Plus,  no  mapping  is  required  between  object, 
relational,  and  multidimensional  views  of  data. 

This  means  huge  savings  in  both  development  and 
processing  time.  And,  Cache-based  applications 
don’t  require  frequent  database  administration  or 
hardware  and  middleware  upgrades. 


More  than  just  a  database  system,  Cache 
incorporates  a  powerful  Web  application  develop¬ 
ment  environment  that  dramatically  reduces  the 
time  to  build  and  modify  applications. 

The  reliability  of  Cache  is  proven  every  day  in 
“life-or-death”  applications  at  hundreds  of  the  largest 
hospitals.  Cache  is  so  reliable,  it’s  the  world’s  leading 
database  in  healthcare  -  and  it  powers  enterprise 
applications  in  financial  services,  government  and 
many  other  sectors. 

We  are  InterSystems,  a  specialist  in  database 
technology  for  25  years.  We  provide  24x7  support 
to  four  million  users  in 
88  countries.  Cache  is 
available  for  Windows, 

OpenVMS,  Linux  and 
major  UNIX  platforms. 
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Make  Applications  Faster 


Download  a  fully-functional  version  of  Cache  or  request  it  on  CD  for  free  at  www.lnterSvstems.com/tiost-relational 
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Q&A 

Sharing  the  Info  Wealth 

One  of  the  most  important  tasks  facing 
the  business-intelligence  industry  is 
disseminating  information  from  analytics 
to  the  people  who  need  it  in  a  company, 
says  Don  Hatcher,  SAS’s  vice  president  of 
technology  strategy.  Page  30 


SECURITY  MANAGER’S  JOURNAL 

Corporation  Caught 
In  the  Cross  Hairs 

A  focused  e-mail  attack  makes  Vince  Tues¬ 
day  wonder  if  his  company  was  singled  out 
as  a  target.  An  investigation  lays  that  fear 
to  rest,  but  Vince  still  has  nagging  doubts 
about  his  company’s  security.  Page  32 


OPINION 

Bracing  for  the 
New  Privacy  Laws 

As  privacy  laws  proliferate,  fear 
of  lawsuits  and  legal  penalties 
will  push  the  issue  of  compli¬ 
ance  front  and  center,  says 
Robert  L.  Mitchell.  Page  34 


Hilton  hotels  corp.  is  in 
the  final  stages  of  a  mas¬ 
sive  system  upgrade  and 
conversion  but  is  already  saving 
millions  of  dollars  in  operating 
costs  and  software  license  fees. 
More  strategically,  the  total 
changeover  in  its  infra¬ 
structure  —  including 
server  hardware,  operat¬ 
ing  systems,  database  and 
application  architecture 
—  will  greatly  simplify 
maintenance  and  support  and 
free  up  IT  staff  to  concentrate 
on  business  process  improve¬ 
ments,  according  to  Damien 
Bean,  vice  president  for  corpo¬ 
rate  systems  at  Hilton. 

The  $4  billion,  Beverly  Hills, 
Calif.-based  lodging  company  is 
converting  its  suite  of  People- 
Soft  7.5  client/server  applica¬ 
tions  to  PeopleSoft  8  on  a  three- 
tier,  Web-based  architecture. 


It’s  also  scrapping  Unix-based 
Hewlett-Packard  Co.  servers  in 
favor  of  Windows  2000  Server 
boxes  from  Dell  Computer 
Corp.  and  replacing  its  Sybase 
Inc.  databases  with  SQL  Server 
2000  from  Microsoft  Corp. 

Hilton  merged  with  Promus 
Hotel  Corp.  in  December  1999. 
Today  the  company  owns  or 
manages  300  Hilton  hotels  and 
1,600  properties  in  the  Double- 
Tree,  Embassy  Suites,  Hampton 
Inns  and  Homewood  Suites 
chains.  “I  was  hired  in  April 
2000  to  pull  the  companies  to¬ 
gether,”  says  Bean.  “We  had 
every  platform  and  operating 
system  under  the  sun.” 

Just  before  the  merger,  in 
response  to  the  Y2k  challenge, 
Hilton  had  replaced  its  local, 
independent  payroll,  human 
resources  and  financial  systems 
with  centralized  PeopleSoft  7.5 
client/server  applications  run¬ 
ning  on  HP  hardware  and 
Sybase  database  server  soft¬ 
ware.  The  resulting  production 
environment  was  far  from  bul¬ 
letproof,  Bean  says.  “It  had  been 
a  mad  scramble  because  of  the 
Y2k  issue,  and  toward  the  end 
they  were  just  slamming  things 
together  and  hoping  for  the 

_  best,”  he  says. 

nri  n  Human  resources, 

r|£LU  yj  payroll  and  financial  ap- 
nrpnpT  ^plications  at  the  former 
ItLlUlll  Promus  hotels,  which 


had  been  running  on 
IBM  AS/400  computers  at  a 
central  data  center  in  Memphis, 
were  moved  to  the  PeopleSoft- 
HP- Sybase  system  as  well.  But 
then  Hilton  made  a  key  deci¬ 
sion  to  put  all  hotels  from  both 
companies  on  Promus’  custom- 
built,  SQL  Server-based  proper¬ 
ty  management  system. 

Bean  says  the  two  companies 
had  too  many  servers,  operating 
systems  and  databases  even  be- 


Hilton’s  migration  of  its 
enterprise  application  suite 
from  Unix  client/server  to 
athree-tier  Web  design  on 
Windows  pushed  the  limits  of 
the  technology.  But  it’s  finally 
paying  off.  By  Gary  H.  Anthes 
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WHAT  HILTON  DID 

V0JECT  Upgraded  People- 
Soft  7.5  client/server  application 
suite  to  Version  8  on  three-tier 
Web  architecture.  Migrated  from 
HP-Unix  to  Dell-Windows,  and 
from  Sybase  to  SQL  Server 

USERS  AFFECT;  1,500 

IE  S3.8  million, 
excluding  labor 

Increased  process¬ 
ing  efficiency  (speed)  by  a  factor 
of  six.  Hilton  expects  to  save  S4.5 
to  $5  million  annually. 

We  had  every 
platform  and 
operating  system 
under  the  sun. 

DAMIEN  JEAN,  VICE  PRESIDENT 
FOR  CORPORATE  SYSTEMS  (LEFT) 


_ adrUTJiQftrmii- _ . 


CHECKS 

INTO 

NEW 

SUITE 


28  COMPUTERWORID  June  30, 2003 


TECHNOLOGY 


www.computerworld.com 


fore  they  merged.  After  the  merger,  the 
mix  of  technologies  was  untenable,  a 
situation  not  improved  by  the  instabili¬ 
ty  of  the  production  environment.  The 
time  had  come  to  streamline,  simplify, 
and  standardize  in  order  to  cut  costs. 

Hilton  bumped  HP  in  favor  of  Dell 
largely  for  cost  reasons.  Bean  saw  Dell 
servers  as  commodity  boxes  that  could 
be  had  on  the  cheap  and  easily  replaced 
with  another  vendor’s  Wintel  machines 
anytime  a  better  deal  came  along.  As 
for  databases,  “we  didn’t  see  Sybase  as 
a  strategic  platform  for  Hilton,”  Bean 
says.  “I  had  visions  of  it  being  [ac¬ 
quired  by  Computer  Associates],  and  I 
didn’t  want  to  be  left  behind.” 

Bean  says  Hilton  had  two  long-term, 
industry-standard  options:  SQL  Server 
2000  on  Windows  and  Oracle9i  on 
Linux.  “We  clearly  knew  Oracle  would 
work,  and  we  got  a  very  competitive 
bid  from  Oracle,”  he  says.  On  the  nega¬ 
tive  side,  Hilton  staff  had  extensive 
SQL  Server  experience  but  virtually  no 
Oracle  expertise. 

Even  more  significant,  Hilton  was  al¬ 
ready  installing  the  SQL  Server-based 
property  management  system  at  every 
hotel,  and  the  software  license  from 
Microsoft  allowed  client  access  to  Peo- 
pleSoft  for  very  little  incremental  cost. 
It  was  cheaper  than  Oracle  “by  orders 
of  magnitude,”  Bean  says. 

But  Bean  had  concerns  about  scala¬ 
bility.  While  Oracle  could  do  the  job, 
the  suitability  of  SQL  Server  wasn’t  so 
clear,  and  no  reference  account  for 
SQL  Server  even  approaching  the  size 
of  Hilton  could  be  found.  “Clearly  we 
were  going  out  on  the  edge  of  the  per¬ 
formance  envelope,”  he  says. 

Bean  concluded  that  if  he  was  going 
to  live  on  the  edge,  so  would  his  three 
key  vendors  —  Dell,  PeopleSoft  and 
Microsoft.  He  met  with  senior  execu¬ 
tives  at  all  three  companies  and 
stressed  that  the  hotel  giant  would 
make  a  gold-plated  reference  account. 
“We  said,  ‘If  you’ve  got  someone  will¬ 
ing  to  try  this  and  take  some  risk,  this 
is  a  project  you  can’t  afford  to  let  fail,’  ” 
he  says. 

Scalding  Performance 

Hilton  decided  to  test  its  Wintel  sys¬ 
tem  concept  first  on  a  travel  agent 
commission  system,  an  HP- Sybase  ap¬ 
plication  that  had  been  coded  using 
the  PeopleTools  application  develop¬ 
ment  environment.  Although  it  was  big 
—  50  to  60  tables  and  100GB  of  data  — 
it  wasn’t  terribly  complicated,  nor  was 
it  so  time-sensitive  that  it  couldn’t  be 
down  for  a  day  or  two  if  there  were 
problems. 

SQL  Server  proved  up  to  the  task. 


HILTON'S  PEOPLESOFT 
ARCHITECTURE 


Hilton  originally  ran  PeopleSoft  7.5  client/ 
server  applications  on  a  Sybase  database  in 
a  single,  eight-CPU  HP/9000  N  class  server, 
with  all  application  and  database  processing 
performed  oignlM^^ftny  payroll  sys- 
tem  components  were  processed  using  sin¬ 
gle-threaded  Cobol  code.  Now,  Hilton  runs 
PeopleSoft  8  on  a  clus¬ 
tered,  Web-based,  three- 
tier  architecture  that  in- 
cludes  SQL  Server  2000. 
Tasks  are  spread  across 
more  than  70  processors 
on  12  servers,  and  a  new 
application  engine  allows 
multithreaded  payroll 
processing,  improving 
processing  time  by  a 
factor  of  six. 


Dell  845Q 
eight-CPU  server 

SOFTWARE 

PeopleSoft  8  HR 
Payroll 
Financials 
SQL  Server  2000 


APPLICATION 
BATCH  TIER 


Dell  8450 
eight-CPU  servei 


Windows 
2000  Server 
BEA  Web- 
Logic/Tuxedo 


The  PeopleSoft  application  servers 
and  SQL  Server  database  servers  “ran 
like  a  scalded  bat,”  performing  six 
times  faster  than  the  previous  system, 
Bean  recalls.  Gratified  and  embold¬ 
ened,  Hilton’s  IT  shop  moved  on  to  mi¬ 
grate  the  PeopleSoft  HR  and  payroll 
systems  for  71,000  employees. 

The  project  turned  out  to  be  far  more 
complicated  than  expected,  Bean  says, 
because  no  one  had  ever  set  up  such  a 
large  PeopleSoft  HR  system:  It  consist¬ 
ed  of  six  four-way  Web  servers  and  five 
eight-way  application  servers.  The  job 
was  further  complicated  by  the  proc¬ 
essing  autonomy  and  flexibility  Hilton 
gives  its  hotels.  “Hilton  is 
the  ultimate  real-time  envi¬ 
ronment,”  Bean  says.  “We 
don’t  do  batch  payrolls 
every  Thursday  night.  If 
Hotel  A  wants  to  run  its 
payroll  Monday  at  11  p.m., 
they  do  it.” 

Dell,  Microsoft  and  Peo¬ 
pleSoft  provided  sustained 
on-site  support,  as  did  BEA 
Systems  Inc.,  supplier  of 
the  WebLogic  Web  servers  and  Tuxedo 
application  servers  used  in  the  project. 
“We  were  doing  engineering  that  no 
one  had  ever  done  before,”  Bean  says. 

“  We  did  an  enormous  amount  of  brain¬ 
storming  on  the  new  setup  and  how  to 
load-balance  across  it.”  And  they  made 
it  work. 

Payroll  Problems 

But  Hilton’s  infinitely  variable  proc¬ 
essing  schedule  made  exhaustive  pre- 
production  testing  impossible,  and  on 
the  first  day  running  the  new  system, 
payroll  “went  to  hell  in  a  handbasket,” 
Bean  recalls.  One  thing  that  apparently 
hadn’t  been  tested  was  a  condition  that 
caused  the  cache  used  by  an  optimizer 
in  SQL  Server  to  balloon  from  its  nor¬ 
mal  10KB  of  RAM  to  1.3GB.  “At  that 
point,  all  the  database  CPUs  spun  up  to 
100%  [utilization],  and  the  only  way  to 
get  it  back  under  control  was  to  push 
the  button  and  turn  it  off,”  Bean  says. 

Payroll  is  Hilton’s  No.  1  priority  for 
disaster  recovery,  according  to  Bean. 
“Microsoft  had  six  people  on-site  the 
next  morning  [Tuesday],  plus  a  team  in 
Redmond.  They  had  three  bug  fixes  by 
that  Sunday  night,  which  is  phenome¬ 
nal,”  he  says. 

Hilton’s  employees  got  paid,  but 
only  after  round-the-clock  efforts  by 
the  company’s  payroll  staff.  It  took 
three  weeks  to  completely  catch  up, 
Bean  says. 

Hilton  is  now  in  the  final  phase  of  its 
IT  architecture  makeover:  converting 
its  PeopleSoft  financial  applications  to 


the  three-tier  Dell-SQL  Server  system. 
Bean  expects  to  have  that  in  produc¬ 
tion  by  August. 

In  the  meantime,  stress  testing  will 
be  in  the  spotlight.  The  bug  in  payroll 
popped  up  when  an  online  process  col¬ 
lided  with  some  batch  code  running  at 
the  same  time,  and  Hilton  has  modi¬ 
fied  its  approach  to  testing  as  a  result. 
“HR  is  a  very  batch-oriented  system, 
and  our  focus  was  on  those  things  that 
were  commonly  run,”  says  Roxanne 
Cheong,  Hilton’s  manager  of  database 
administration.  “But  with  the  financial 
systems,  we  are  throwing  in  ad  hoc 
things,  online  transactions  during  the 
stress  tests.” 

“We  should  have  done  a 
bit  better  on  the  stress  test¬ 
ing,  which  is  why  we  are 
spending  an  awful  lot  more 
time  on  it  now,”  says  Jane 
Melville,  project  manager 
and  director  of  corporate 
systems.  “It  takes  a  lot  of 
expertise  to  get  each  layer 
correct”  in  a  three-tier  ar¬ 
chitecture,  she  adds. 

Melville  says  her  team  has  spent  six 
weeks  writing  scripts  —  using  Load- 
Runner,  a  testing  tool  from  Mercury 
Interactive  Corp.  —  to  do  stress  testing 
for  the  financial  applications. 

The  tests  will  run  at  a  Dell  laborato¬ 
ry  in  Austin,  where  the  vendor  has  set 
up  a  mock  production  environment  in 
which  it  can  simultaneously  stress-test 
its  own  hardware,  Hilton’s  PeopleSoft 
applications  and  SQL  Server.  All  four 
companies  have  people  on  site. 

When  testing  is  complete,  the  entire 
system  will  be  shipped  to  Hilton’s 
Memphis  data  center.  “I’m  trying  to 
fundamentally  offload  and  mitigate  as 
many  risks  as  possible,”  Bean  says. 

Saving  Millions 

All  the  migrations  will  save  $4.5  mil¬ 
lion  to  $5  million  out  of  Hilton’s  $150 
million  IT  budget,  Bean  says.  The  total 
cost,  not  counting  internal  labor,  will 
come  in  at  about  $3.8  million,  he  says. 

Robert  La  Forgia,  a  senior  vice  presi¬ 
dent  and  Hilton’s  controller,  says  the 
upgrades  will  benefit  Hilton  customers 
by  making  it  easier  for  the  IT  staffers 
to  adapt  systems  that  touch  them  — 
such  as  reservations  and  billing  —  to 
customers’  changing  needs. 

As  for  internal  customers,  the  new 
architecture  has  already  so  stream¬ 
lined  processing  that  La  Forgia  is  now 
able  to  close  the  books  in  six  days  in¬ 
stead  of  10.  “We  have  decreased  proc¬ 
essing  time  considerably,”  he  says.  “We 
have  a  lot  less  blood,  sweat  and  tears 
and  a  lot  less  overtime.”  I 


MORE  HILTON 

Hilton  will  be  a  guinea  pig  for 
a  new  clustering  technology 
from  Dell: 

QuickLink  39246 

Timeline:  A  chronology  of 
Hilton’s  data  center  upgrade 
project: 

Cl  QuickLink  39097 
www.computerworld.com 


>  9:32  am.  Martha  Watson  counts  over  1,200  name  brands  in  order  to  justify  the  word  "more"  to  the  legal  department. 
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The  university  of  dayton’s 
network  used  to  go  down  all 
the  time.  Students  introduced 
viruses  from  their  laptops,  and 
university  servers  were  the 
targets  of  an  unrelenting  barrage  of 
worms  like  Nimda  and  Code  Red. 

“At  one  point,  the  network  was  going 
down  on  almost  a  daily  basis,”  says 
Tom  Danford,  CIO  at  the 
Ohio  institution.  Last  Octo¬ 
ber,  Danford  turned  to  a 
new  type  of  security  prod¬ 
uct:  an  intrusion-prevention 
system  (IPS).  The  universi¬ 
ty  bought  two  UnityOne-2000s  from 
TippingPoint  Technologies  Inc.  in 
Austin.  The  appliances  monitor  net¬ 
work  traffic  for  anomalies  such  as 
buffer  overflow  attacks  and  automati¬ 
cally  drop  packets  associated  with 
those  events,  essentially  cutting  off  at¬ 
tacks  before  they  can  start. 

With  a  list  price  of  $99,995  each,  the 
TippingPoint  devices  aren’t  cheap  (al¬ 
though  Danford  received  a  substantial 
academic  discount).  And  the  technol¬ 
ogy  —  which  has  been  on  the  market 
for  a  little  over  a  year  —  is  unproven  in 
large-scale  corporate  networks.  But 
Danford  was  ready  to  try  anything. 

“We  have  to  have  some  level  of  open¬ 
ness  on  our  network.  We  can’t  lock  it 
down  like  a  bank  could,”  he  says. 

In  January,  two  weeks  after  Danford 
set  up  the  appliance,  the  SQL  Slammer 
worm  hit.  “We  didn’t  skip  a  beat.  We 
had  a  lot  of  exposed  servers,”  he  says. 
Overall,  the  university  receives  over 


3,000  attack  attempts  every  week.  So 
far,  he  says,  they’ve  all  been  filtered  out. 

Many  companies  face  similar  chal¬ 
lenges.  The  number  of  system  vulnera¬ 
bilities  and  cyberattacks  are  skyrocket¬ 
ing,  according  to  the  CERT  Coordina¬ 
tion  Center  at  Carnegie  Mellon  Uni¬ 
versity  in  Pittsburgh,  which  logged 
52,658  malicious  incidents  in  the  first 
quarter  alone.  And  the 
propagation  speed  of  at¬ 
tacks  has  gone  up  dramati¬ 
cally,  says  Neal  Hartsell, 
vice  president  of  product 
marketing  at  TippingPoint. 
For  example,  the  Nimda  worm  took  a 
day  or  two  to  infect  thousands  of  hosts 
worldwide  in  2001.  In  January,  the  SQL 
Slammer  worm  compromised  nearly 
100,000  machines  in  just  30  minutes. 


IPS  PROS  AND  CONS 

♦  illegitimate 
requests  on  a  network  or  server. 

♦  or  learned  behavior 
patterns  as  well  as  signatures  to 
detect  and  block  both  known  and 
unknown  attacks. 

♦  to  test 
security  patches  and  fixes  before 
deploying  them. 

false  positives  that 
block  legitimate  traffic. 

Even  host-based  devices  are  still 
unproven  in  large-scale  deployments. 


IPSs  work  by  proactively  blocking 
illegitimate  network  traffic  and  server 
requests,  including  both  known  and 
unknown  threats.  They  immediately 
block  network  traffic  or  server  re¬ 
quests  flagged  as  malicious  by  moni¬ 
toring  deviations  from  normal  system 
behavior  or  by  following  a  series  of 
rules.  By  contrast,  intrusion-detection 
systems  (IDS)  recognize  only  known 
attack  patterns.  They  flag  network  in¬ 
trusions  after  the  fact,  issuing  alerts  or 
pouring  the  data  into  logs  for  later  re¬ 
view  by  a  systems  administrator. 

To  Richard  Stiennon,  an  analyst  at 
Gartner  Inc.,  the  advantages  of  an  IPS 
over  an  IDS  are  clear.  “If  you  owned  a 
jewelry  store,  would  you  rather  add  a 
deadbolt  to  the  front  door  or  add  an¬ 
other  security  camera?”  he  says. 

As  with  IDSs,  vendors  offer  both 
host-  and  network-based  IPSs.  Host- 
based  IPSs  (HIPS)  first  appeared  more 
than  two  years  ago  and  are  just  begin¬ 
ning  to  gain  mainstream  acceptance. 
Network  Associates  Inc.  says  more 
than  1,000  companies  use  its  Entercept 
HIPS  product.  The  systems  work  by 
installing  a  software  agent  on  each 
server  and  then  managing  the  agents 
from  a  central  console. 

Network-based  IPSs  (NIPS),  avail¬ 
able  from  companies  like  Tipping¬ 
Point,  are  relatively  new.  These  “in¬ 
line”  systems  sit  on  the  network  and 
inspect  packets  for  anomalies.  But 
adoption  has  been  slow  to  date  be¬ 
cause  potential  buyers  are  unsure  how 
a  NIPS  fits  into  the  overall  security 
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Outlook:  As  IPS  technologies  mature,  users  say  the 
benefits  of  proactively  blocking  attacks  outweigh  the 
risks  of  false  positives.  By  Lauren  Gibbons  Paul 


■  PRODUCTS 

IPS  Emerges 
From  Mergers 

Until  recently,  start-ups  and  indepen¬ 
dent  vendors  dominated  in  the  IPS 
market.  But  the  niche  has  recently 
caught  the  attention  of  large  vendors 
of  network  security  products,  leading 
to  an  acquisition  spree.  That’s  good 
news  for  corporate  IT,  since  it  means 
scalability  and  support  are  likely  to 
get  better. 

IPS  products  fall  into  host-  and  net¬ 
work-based  categories,  but  at  least 
one  vendor  has  an  offering  in  both 
camps.  Network  Associates  in  Santa 
Clara,  Calif.,  now  owns  a  HIPS  product, 
Entercept,  as  a  result  of  its  April  acqui¬ 
sition  of  Entercept  Security  Technolo¬ 
gies  Inc.  And  in  May  it  acquired  Intru- 


picture,  according  to  Stiennon. 

Both  types  of  IPSs  yield  other  bene¬ 
fits  as  well.  For  example,  network  ad¬ 
ministrators  can  deploy  software 
patches  on  a  scheduled  basis  rather 
than  rush  them  out  as  emergency  fixes. 
With  an  IPS  in  place,  “companies  . . . 
can  be  assured  they  are  maintaining 
security  until  they  can  deploy  the 
patch,”  says  Eric  Ogren,  an  analyst  at 
The  Yankee  Group  in  Boston. 

IPSs  may  also  deter  attackers  from 
launching  a  major  attack  on  a  network. 
Many  attackers  do  test  runs  prior  to  at¬ 
tacking  a  system.  If  a  threat  is  deflect¬ 
ed,  that  may  dissuade  an  attacker  from 
a  broader  attack.  “We’ve  seen  the  sys¬ 
tem  deter  attacks.  That’s  a  cool  thing,” 
says  Bryan  Turbow,  founder  and  presi¬ 
dent  of  Myrient  Inc.,  a  managed  ser¬ 
vices  provider  in  Aliso  Viejo,  Calif. 
Myrient  uses  Captus  IPS,  a  NIPS  sys¬ 
tem  from  Woodland,  Calif-based  Cap¬ 
tus  Networks  Corp. 

NIPSs  and  HIPSs  aren’t  mutually  ex¬ 
clusive.  Ideally,  both  types  of  IPSs 
should  be  part  of  a  layered  informa¬ 
tion-security  architecture  that  also  in¬ 
cludes  firewalls,  vulnerability  assess¬ 
ment  and  remediation  alongside  other 
types  of  protection,  say  analysts. 

But  users  are  wary  of  buying  a  prod¬ 
uct  that  might  generate  false  positives, 
a  major  complaint  about  IDSs.  The 
consequences  of  a  false  positive  are 
more  dire  with  an  IPS,  since  it  could 
block  legitimate  business  traffic  rather 
than  just  generate  alerts  or  reports. 
Some  vendors  claim  that  their  products 
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UmtyOne-2000 

TlppingPoint’s  $99,995  Unity0ne-2000 
NIPS  protects  LAN  segments  with  traffic 
upto2Gbit/sec. 

Vert  Networks  Inc.  and  its  IntruShield  family 
of  NIPS  products. 

Cisco  has  gotten  involved  as  well,  acquir¬ 
ing  Waltham,  Mass.-based  HIPS  vendor 
Okena  in  April  and  rechristening  its  Storm- 
Watch  product  Cisco  Security  Agent. 

Primary  Response,  from  Sana  Security 
Inc.  in  San  Mateo,  Calif.,  and  STAT  Neutral¬ 
izer,  from  Melbourne,  Fla.-based  Harris 
Corp.,  round  out  the  major  HIPS  products. 


Pricing  varies,  but  Entercept  starts 
at  $1,295  per  server  and  $4,995  for  the 
console. 

The  first  NIPS  products  appeared  in  early 
2002  but  have  yet  to  catch  on  with  buyers. 
TippingPoint  claims  over  30  customers  to 
date.  Firewall  vendor  NetScreen  Technolo¬ 
gies  Inc.,  which  bought  OneSecure  Inc.  last 
year,  now  sells  NetScreen-IDP.  Other  play¬ 
ers  include  Captus  Networks,  which  offers 
the  IPS  4000  series.  Prices  for  NIPS  appli¬ 
ances  start  at  about  $40,000  and  go  as 
high  as  $100,000  or  more. 


are  less  likely  to  have  false  positives  be¬ 
cause  their  filtering  techniques  are 
more  sophisticated  than  those  of  IDSs. 

But  not  all  users  agree.  “You  still  do 
have  false  positives,”  says  Vivek  Kun- 
dra,  director  of  infrastructure  tech¬ 
nologies  for  the  Arlington  County,  Va., 
government.  In  October,  he  spent 
$30,000  to  install  Entercept  on  30  criti¬ 
cal  servers.  “We  have  spent  a  lot  of 
time  in  the  lab  to  make  sure  we’re  not 
shutting  down  government  services  to 
our  constituents,”  he  says. 

There  is  nothing  inherent  in  IPS 
technology  that  makes  it  more  accu¬ 
rate  than  IDS,  adds  Jonas  Hellgren, 
vice  president  of  product  management 
at  Guardent  Inc.,  a  security  services 
provider  in  Waltham,  Mass.,  that  offers 
IPS  management. 

Cisco  Systems  Inc.,  citing  the  false¬ 
positive  issue,  is  sitting  out  the  NIPS 
business  for  now,  despite  its  recent  ac¬ 
quisition  of  HIPS  vendor  Okena  Inc. 
“Once  we  fix  the  false-positive  prob¬ 
lem,  we  can  go  on  to  being  more 
proactive,”  says  Tom  Turner,  director 
of  marketing  for  the  newly  renamed 
Cisco  Security  Agent  HIPS  product. 


Adding  an  Intrusion-Prevention 
Security  Layer 

As  with  IDSs,  IPS  designs  can  include  both  host-  and  network-based  components.  Unlike  IDSs, 
however,  IPSs  apply  rules  or  detect  unusual  patterns  of  behavior  in  order  to  block  possible  attacks, 
not  just  log  them.  While  NIPS  appliances  monitor  network  activity  on  the  wire,  protecting  entire 
network  segments,  HIPS  devices  protect  applications  residing  on  individual  servers. 


SOURCE  TIPPINGPOINT  TECHNOLOGIES  INC..  AUSTIN 


Good  Enough 

IPS  technology  isn’t  yet  mature,  says 
Stiennon.  And  ultimately,  IPS,  IDS  and 
other  security  functions  will  merge 
into  firewalls,  which  will  become  gen¬ 
eral-purpose  security  appliances.  But 
he  doesn’t  think  IT  should  wait,  be¬ 
cause  IPSs  are  the  only  way  to  prevent 
attacks  —  both  known  and  unknown 
—  before  they  occur.  “This  is  good 
technology  that  works,”  Stiennon  says. 

Kundra  says  intrusion  prevention 
should  be  part  of  every  IT  manager’s 
security  portfolio.  “There  is  still  a  lot 
of  human  intervention  needed  to  de¬ 
fine  the  types  of  behavior  that  are  au¬ 
tomatically  excluded,”  he  says.  “You 
have  to  create,  test  and  manage  those 
rules.”  Nonetheless,  he  says,  it’s  irre¬ 
sponsible  not  to  invest  in  an  IPS  today. 
A  few  years  ago,  many  IT  managers 
didn’t  believe  antivirus  products 
would  work,  he  says.  Yet  they  protect 
against  viruses  that  could  bring  down 
an  enterprise.  “Why  wait  for  an  orga¬ 
nized  cyberattack?”  Kundra  says. 

Yankee  Group’s  Ogren  agrees.  “This 
technology  may  not  be  mature,  but 
there’s  no  value  in  waiting.  It  is  the 
only  chance  an  organization  has  today 
against  Day  Zero  attacks.  It  will  get  eas¬ 
ier  and  scale  better  as  time  goes  on.  But 
it’s  ready  for  prime  time  right  now.”  I 


Paul  is  a  freelance  writer  in 
Newton,  Mass.  You  can  reach  her 
at  laurenpaul@attbi.com. 
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All  IPSs  can  protect 
against  known  attacks 
by  using  signatures, 
which  define  the  specif¬ 
ic  pattern  associated  with  a  worm 
like  Slammer  or  Fizzer.  But  an  I  PS’s 
real  strength  lies  in  its  ability  to  pro¬ 
tect  against  threats  for  which  no  sig¬ 
nature  exists. 

NIPSs  inspect  network  traffic  for 
compliance  with  a  set  of  rules  for  ac¬ 
ceptable  and  unacceptable  behavior 
as  defined  by  a  security  expert.  By 
contrast,  HIPSs,  which  reside  on  a 
server,  take  two  different  approaches 
to  accomplish  this  task. 

Cisco  Security  Agent  and  Network 
Associates’  Entercept  are  examples 
of  HIPS  products  that  use  a  rules- 
based  approach.  A  security  expert 
describes  behavior  he  considers  nor¬ 
mal  and  acceptable  for  the  server 
as  well  as  a  list  of  outright  unaccept¬ 
able  behavior,  and  the  system  inter¬ 
prets  and  blocks  activity  based  on 
those  rules. 

“The  downside  is,  the  burden  of 
managing  that  description  rests  with 
the  customer,"  says  Yankee  Group  an¬ 
alyst  Eric  Ogren.  And  since  security  is 
a  moving  target,  those  rules  must  be 
updated  regularly. 

By  contrast,  Sana  Security  Inc.  in 
San  Mateo,  Calif.,  uses  a  behavior- 
based  approach.  After  being  placed 
on  a  server,  its  Primary  Response  sys¬ 
tem  uses  artificial-intelligencelike  ca¬ 
pabilities  to  “learn”  what  is  normal  be¬ 
havior  for  that  server.  “By  looking  at 
the  sequence  of  system  calls,  it  builds 
a  profile  of  what  is  being  run  through 
the  server  path,”  says  Steve  Hofmeyr, 
chief  scientist  at  Sana. 

But  that  isn’t  foolproof,  either. 
“What  if  an  attack  happens  while  the 
.  product  is  in  learning  mode?”  asks 
Jim  Hurley,  an  analyst  at  Aberdeen 
Group  Inc.  in  Boston.  “And  there’s  no 
way  of  knowing  what  is  normal  under 
all  conditions,”  potentially  leading  to 
legitimate  requests  being  blocked. 
Hurley  calls  himself  a  skeptic  when  it 
comes  to  intrusion  prevention,  though 
he  concedes  that  “some  of  this  has 
great  promise." 

-  Lauren  Gibbons  Paul 
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Sharing  the 

InfoVaBh 


Distributing  information  from 
analytics  throughout  a  company  is 
the  BI  industiys  greatest  challenge, 
says  SAS  Institute’s  Don  Hatcher. 


Don  Hatcher  leads  a  team 
that  shapes  the  strategic 
direction  of  SAS  Institute 
Inc.’s  products  and  tech¬ 
nologies.  Cary  N.C.-based  SAS’s  current 
initiatives  focus  in  part  on  distributing 
analytics  throughout  its  customers’  or¬ 
ganizations,  rather  than  limiting  access 
to  the  tools  to  a  few  highly  trained  indi¬ 
viduals,  said  Hatcher  in  an  interview 
with  Computerworld’s  Tommy  Peter¬ 
son.  He  also  said  the  biggest  barriers  to 
a  business-intelligence  (BI)  implementa¬ 
tion  don’t  always  involve  technology. 

What  is  the  thing  your  customers  are  asking 
for  most  often?  If  I  had  to  give  you  one 
thing,  I  think  it  is  enabling  a  greater 
percentage  of  the  enterprise  to  lever¬ 
age  our  analytics.  It’s  dissemination. 
There’s  this  concept  that  we  have, 
which  is  the  information  supply  chain. 
It  started  by  just  getting  access  to  data 
—  that’s  where  all  the  vendors  were  fo¬ 
cused.  Then  we  all  were  focused  on 
storing  it  and  being  able  to  analyze  it. 
And  then  we  were  focused  on  having 
some  tools  so  you  could  analyze  it  dif¬ 
ferently.  The  big  focus  nowadays  for 
SAS  is,  How  do  we  get  this  breadth  of 
information  out  to  the  wider  audience? 
Because  we  believe  that  80%  of  a  cus¬ 
tomer’s  enterprise  needs  are  business 
intelligence  today.  We’ve  had  cus¬ 
tomers  tell  us  that  [they]  can’t  find 
enough  business  analysts.  We  need  to 
empower  domain  experts  and  informa¬ 
tion  consumers  to  do  some  things 
themselves.  That’s  what  you  [will]  see 
us  delivering  in  [Version]  9.1  when  it 
comes  out  —  a  breadth  of  interfaces  so 
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that  80%  of  an  enterprise  can  use  busi¬ 
ness  intelligence,  instead  of  a  very 
small  percentage  of  an  enterprise. 

How  tough  was  it  to  adjust  your  technology 
to  do  that?  Actually,  we  didn’t  have  to 
adjust  the  technology;  we  just  had  to 
add  delivery  mechanisms  on  top  of  it. 
Our  analytics  still  play  a  huge  role 
within  enterprises.  We  just  needed  to 


enable  domain  experts  and  informa¬ 
tion  consumers  to  be  able  to  leverage 
them.  We’ve  spent  two  or  three  years 
working  on  this  project.  We  hired  32 
new  usability  experts  writing  the  front 
ends.  We’ve  got  another  250  develop¬ 
ers  sitting  there  writing  the  BI  back 
end.  We  spent  a  lot  of  time  talking  to 
our  customers  to  understand  how  this 
dissemination  needed  to  happen. 

Are  you  eliminating  the  hierarchy  of  people 
with  doctoral  degrees  in  statistics  or  some 
other  math  field  so  you  can  present  the  infor¬ 
mation  to  the  people  who  need  to  know  it? 

You  need  the  Ph.D.s  to  create  the  ini¬ 
tial  model.  What  we’re  not  doing  is 
dumbing  down  the  analytics.  We’re 
just  ensuring  that  when  they  get  used, 
that  people  who  know  how  to  use 
them  are  creating  a  safe  environment 
for  the  rest  of  the  knowledge  base. 
There’s  a  lot  of  folks  out  there  dumb¬ 
ing  down  analytics  and  black-boxing 
stuff.  That’s  very  dangerous,  because 
models  have  to  be  retrained  to  notice 
the  subtleties  in  the  data. 

What  does  it  mean  to  have  to  retrain  mod¬ 
els?  If  you  build  the  model,  it’s  just  a 
bunch  of  nodes  hooked  together  that 
don’t  particularly  know  anything  yet, 
and  you  need  to  run  data  through 
them,  which  creates,  say,  a  decision 
tree,  which  is  an  example  of  one  data 
mining  model.  It  comes  up  with  a  deci¬ 
sion  tree  that  says,  “When  boys  be¬ 
tween  25  and  30  buy  gym  shoes,  try  to 
sell  them  gym  socks  also.  But  for  a  guy 
who’s  45  to  50  who  buys  gym  shorts, 
you  don’t  necessarily  want  to  sell  him 
gym  socks.”  You’ve  got  to  train  the 
model  and  then  you  leverage  the  mod¬ 
el.  But  the  model  needs  to  be  retrained 
from  time  to  time  because  the  informa¬ 
tion  in  the  data  changes.  You  make 
some  adjustments  in  your  model  based 
on  this  new  information  to  keep  it 
fresh  or  even  make  it  better  at  times. 


Does  that  mean  that  analytics  is  a  technolo¬ 
gy  that  isn’t  going  to  be  commoditized  any¬ 
time  soon?  Actually,  that’s  exactly  what 
I  think  we’re  doing.  We’re  enabling  an 
enterprise  to  take  advantage  of  it  but 
allowing  them  to  do  it  in  a  controlled 
manner.  But  the  models  have  to  be  kept 
fresh.  To  some  banks,  a  half-percent  in¬ 
crease  in  something  represents  millions 
of  dollars.  It’s  those  kinds  of  things  that 
you  learn.  You  create  a  model  that 
makes  you  better  than  you  were,  but 
then  you  gather  new  data,  and  you’re 
able  to  tune  the  model  even  more. 

The  key  thing  we’ve  been  hearing  is 
enabling  the  enterprise.  People  can  be 
told  they’re  empowered,  but  until  you 
give  them  the  information  to  truly  let 
them  be  empowered,  they  won’t  be¬ 
lieve  you  —  and  they’d  be  right. 

What  are  the  biggest  problems  companies 
face  in  trying  to  implement  business  intelli¬ 
gence  and  analytics?  The  big  pain  I  really 
think  is  organizational  change. . . .  I’m 
not  trying  to  downplay  the  challenges 
with  implementing  technology,  but  I 
would  wager  that  most  of  the  chal¬ 
lenges  around  technology  have  to  do 
with  culture,  have  to  do  with  people, 
have  to  do  with  process.  I  know  there 
are  customers  where  I  could  go  in  and 
sell  them  systems  that  would  make 
them  more  effective  as  a  company,  but 
their  culture  won’t  allow  it  to  be  suc¬ 
cessful.  Each  silo  of  the  business  is  re¬ 
warded  for  maximizing  their  silo. 

If  you  want  a  technology,  I’d  say  data 
quality  is  the  biggest  pain.  Data  quality 
can  delay  an  implementation  of  a  ware¬ 
house  or  even  a  data  mart  upwards  of 
six  months  or  more.  As  soon  as  you 
pull  data  that’s  not  accurate  through 
and  into  a  warehouse  and  report  on  it 
and  give  it  to  somebody,  their  trust  of 
the  new  system  instantly  dies.  I 
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Taming  Data 
Complexity 

Technology  promises  lucid  displays 
of  complicated  information,  regardless 
of  its  format.  By  Julia  King 


WHILE  MUCH  OF  THE 
IT  world  focuses 
on  building  com¬ 
puters  that  are 
faster,  smaller,  cheaper  and 
brainier,  CEO  Peter  Lucas  and 
his  colleagues  at  Maya  Design 
Inc.  are  obsessed  with  liberat¬ 
ing  the  reams  of  data  that 
computers  contain,  regardless 
of  the  format  in  which  the 
data  is  stored. 

To  Lucas,  computers 
are  little  more  than 
“transducers”  —  nec¬ 
essary  but  “uninterest¬ 
ing  prosthetic  devices” 
for  viewing  data.  “We  can’t  see 
data,  so  we  build  computers, 
the  same  way  we  use  goggles 
to  see  infrared,”  he  says. 

What  would  be  much  more 
valuable,  Lucas  believes,  is  a 
computing  architecture  for 
sharing  data  now  stranded  in 
relational  databases,  which  he 
calls  “information  islands.” 


This  is  also  the  goal  of  the 
Semantic  Web,  which  involves 
taking  a  relational  database 
and  “webbing  it,”  according  to 
Web  inventor  Tim  Berners- 
Lee  [see  story,  QuickLink 
37596].  Where  Maya’s  technol¬ 
ogy  differs,  Lucas  says,  is  in 
“taking  the  much  more  radical 
step  of  freeing  the  data  from 
any  particular  Web  page  or 
any  particular  ma¬ 
chine.” 

Instead  of  describ¬ 
ing  data  in  a  standard 
way  or  with  metadata 
as  the  Semantic  Web 
does,  Maya’s  technology 
wraps  the  data  in  “containers,” 
which  reside  in  repositories  in 
a  peer-to-peer-based  “infor¬ 
mation  space”  where  people 
can  meet  and  collaborate. 

Pittsburgh-based  Maya,  a 
spin-off  of  Carnegie  Mellon 
University,  has  come  up  with  a 
container  it  calls  a  “u-form” 


that  Lucas  says  makes  it  easy 
to  transfer  and  manipulate 
data  across  different  computer 
systems  and  applications. 
Higher-level  semantics  can  be 
layered  on  top  of  the  u-forms. 

What  guides  the  transfer  of 
data  from  place  to  place  is  a 
set  of  “shepherds,”  or  rules- 
based  software  agents  devel¬ 
oped  by  the  data  owners.  For 
corporate  applications,  Lucas 
notes  that  u-forms  could  be 
encrypted  and  shepherded 
only  to  paying  customers. 

The  same  data  could  be 
viewed  in  different  ways  by 
different  users.  For  example,  a 
logistics  manager  could  view 
on  his  PC  a  geographic  map  of 
warehouses  and  their  contents 
in  a  specific  region.  Mean¬ 
while,  an  inventory  manager 
could  draw  on  the  same  data 
and  display  on  his  handheld 
device  a  bar-chart  representa¬ 
tion  of  goods  available  for 
shipment  from  those  ware¬ 
houses. 

In  this  example,  multiple 
distributed  views  of  the  data 
could  be  linked  in  real  time, 
permitting  the  data  itself  to 
become  a  medium  for  collabo¬ 
rative  work.  This  is  compara¬ 
ble  to  two  users  running  Excel 
on  the  same  data  set,  and 
every  time  one  of  them 
changes  a  number,  the  other’s 
display  is  instantly  updated. 

Maya  Design’s  Maya  Viz 
software  arm  has  technology 
it  calls  CoMotion,  a  set  of 


FUTURE 

WATCH® 


An  ‘Information  Commons’ 

In  a  simplified  version  of  Maya’s  vision,  data  of  all  types  and  formats  is  ensconced  in  u-forms,  or  standard  information 
containers  that  can  be  easily  moved  among  “schema-neutral”  repositories  in  a  peer-to-peer  network.  Data  can  be  en¬ 
tered  or  accessed  simultaneously  as  well  as  displayed  differently  by  people  using  different  devices. 


DISPLAY  DEVICES:  Display 
devices  “project”  views  of  u-forms 
from  repositories  into  a  user’s 
world,  the  form  of  the  visualization 
is  strictly  separated  from  underlying 
representations. 


U-FORMS:  U-forms  are  standardized  “contain¬ 
ers”  for  transporting  data  of  all  kinds.  Each 
u-form  is  simply  a  bundle  of  attribute  value  pairs 
tagged  with  a  universally  unique  identifier. 


REPOSITORIES:  Radically 
new  database  technology 
implements  a  schema- 
neutral  storage  scheme. 
Repositories  simply  store 
^  and  retrieve  u-forms. 


Maya  Design  CEO  Peter  Lucas  fore¬ 
sees  an  “information  commons.” 


tools  for  building  different 
views  of  data  that’s  stored  in 
u-forms.  The  shepherds  tell 
the  u-forms  where  they  can 
and  can’t  go,  based  on  the 
metadata,  or  data  about  the 
data,  that’s  contained  in  the 
unique  identifier  portion  of 
the  u-form.  Individual  applica¬ 
tions  on  a  user’s  machine 
(built  using  CoMotion’s  visu¬ 
alization  tools)  dictate  how 
data  will  be  displayed. 

The  U.S.  Transportation 
Command,  or  Transcom,  at 
Scott  Air  Force  Base  in  Illi¬ 
nois,  is  an  early  beta  tester  of 
CoMotion.  Transcom  is  using 
the  software  to  create  differ¬ 
ent  views  of  the  vast  amounts 
of  data  it  must  manipulate. 

“Since  9/11,  we’ve  moved 
700,000  people  and  over  2  mil¬ 
lion  short  tons  of  cargo.  We 
have  seven  requirements  data¬ 
bases  that  we  pull  from,”  each 
of  which  uses  a  different  data 
schema  and  format,  explains 
Lt.  Col.  Cody  Smith,  director 
of  operations.  Using  Maya’s 
technology,  Transcom  is  able 
to  display  that  data  differently 
to  its  various  customers. 

“If  we’re  dealing  with  ships, 
for  example,  we  need  to  be 
displaying  metric  feet.  Others 
need  to  look  at  tons  or  short 
tons  of  cargo,”  Smith  says. 

Common  Understanding 

“U-forms  and  the  Semantic 
Web  are  aimed  at  solving  dif¬ 
ferent  kinds  of  problems,”  says 
Jason  Bloomberg,  a  senior  an¬ 
alyst  at  ZapThink  LLC  in  Wal¬ 
tham,  Mass.  “The  Semantic 
Web  is  aimed  more  at  busi- 
ness-to-business  communica¬ 
tions,  where  Company  A  and 
Company  B  need  a  common 
understanding  of  the  termi¬ 
nology.  A  purchase  order,  for 
example,  has  to  mean  the 
same  thing  to  both  of  them. 


“The  Semantic  Web  is  about 
getting  computers  to  under¬ 
stand  content.  U-forms  are 
giving  human  beings  more 
power  in  working  with  sys¬ 
tems  and  content,”  he  adds. 

“The  technical  break¬ 
through  we’ve  made  is  sepa¬ 
rating  the  information  from 
the  visualization  and  manipu¬ 
lation,”  says  Maya’s  Lucas.  He 
foresees  a  world  of  peer-to- 
peer  “civic  computing”  in 
which  virtually  all  public  in¬ 
formation  is  stored  in  u-forms 
in  a  public  “information  com¬ 
mons”  that’s  easily  usable  by 
anyone,  anytime.  Maya  refers 
to  this  vision  as  the  Civium 
(Latin  for  “of  the  people”) 
Project. 

“Instead  of  using  peer-to- 
peer  to  steal  music,  let’s  liber¬ 
ate  all  accumulated  public- 
domain  data  and  create  a  vast 
information  space  to  make  it 
freely  available,”  Lucas  says. 

Pittsburgh  Green  Map 
( www.greenmap.org ),  an  inter¬ 
active  service  for  locating  en¬ 
vironmental,  recreational  and 
other  “green”  assets  in  west¬ 
ern  Pennsylvania,  serves  as  a 
prototype  of  Lucas’  vision.  De¬ 
veloped  in  conjunction  with  3 
Rivers  Connect,  a  Pittsburgh- 
based  nonprofit  environmen¬ 
tal  group,  the  service  encom¬ 
passes  data  from  geographic 
information  systems  and  other 
types  of  data  from  various 
public  databases  using  differ¬ 
ent  schemas  and  formats.  This 
data  has  been  converted  to 
u-forms  and  is  virtually  locat¬ 
ed  in  an  “information  space,” 
which  is  accessed  via  a  “geo¬ 
browser”  application  devel¬ 
oped  by  Maya. 

Lucas  says  this  technology 
is  about  as  mature  as  the  Web 
was  in  1991.  “It  seems  as  good 
an  assumption  as  any  that  it 
will  follow  a  similar  curve  and 
take  about  as  long,”  Lucas 
says.  “That  would  mean  that  it 
will  be  actually  useful  to  large 
numbers  of  people  within  a 
few  years  and  will  be  on  the 
cover  of  Time  in  about  five 
years.”  I 
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Corporation  Caught 
In  the  Cross  Hairs 


A  focused  e-mail  attack  sends  our  worried 
security  manager  scrambling  to  track 
down  the  source.  By  Vince  Tuesday 


My  company  deals 

with  large  electronic 
financial  transac¬ 
tions  on  a  regular  ba¬ 
sis,  and  I  worry  that  this 
makes  us  the  perfect  target  for 
a  focused  attack  on  our  net¬ 
works.  This  issue  had  been  a 
theoretical  one  for  me,  howev¬ 
er,  until  last  week. 

We  do  receive  a 
great  many  attacks, 
but  we  aren’t  being 
singled  out:  Many 
other  companies  are 
being  targeted  at  the 
same  time.  This  leads 
me  to  conclude  that 
either  the  attackers  are  taking 
the  approach  of  targeting  as 
many  companies  as  possible 
with  the  same  assaults  and 
seeing  which  ones  work,  or 
there  is  so  much  noise  in  our 
monitoring  logs  that  any  tar¬ 
geted  attacks  are  lost  amid 
the  chaos. 

I  have  been  reassured  by 
how  widespread  the  attacks 
have  been.  They  show  that  we 
don’t  need  to  be  totally  secure 
—  just  more  secure  than  most 
companies.  This  goal  is  a  lot 
cheaper  and  easier  to  achieve 
than  perfect  security,  but  it’s 
only  safe  if  no  one  is  targeting 
us.  If  we  are  the  target  of  a  fo¬ 
cused  attack,  hackers  will 
keep  coming  back  with  new 
approaches  until  they  find  one 
that  works. 

Fairy  Tale  Attack 

We  have  outsourced  our 
e-mail  monitoring  to  New 
York-based  Messagelabs  Inc., 
which  offers  us  a  guarantee 
that  no  malicious  code  will  get 
past  its  defenses.  To  back  up 
that  claim,  it’s  admirably  para¬ 


noid.  The  company’s  statistics 
show  that  about  one  in  270  of 
our  e-mails  contains  a  virus. 
Last  week,  we  saw  a  surge  of 
suspicious  e-mails.  Normally, 
this  signals  a  big  virus  out¬ 
break,  but  there  was  no  men¬ 
tion  of  this  on  any  of  the  an¬ 
tivirus  Web  sites.  The  mali¬ 
cious  code  Messagelabs 

stopped  was  simply 
characterized  as 
“Possible  new  Trojan 
software  detected.” 

Whoever  was 
sending  these 
e-mails  was  using  a 
“Rumpelstiltskin  at¬ 
tack.”  In  this  type  of  attack, 
which  gets  its  name  from  the 
fairy  tale  about  a  queen  who 
must  turn  her  first-born  child 
over  to  Rumpelstiltskin  unless 
she  can  guess  his  name,  the  at¬ 
tacker  tries  to  guess  e-mail  ad¬ 
dress  names  by  taking  a  list  of 
common  names,  combining 
them  with  possible  first  and 
last  initials  and  sending  them 
to  an  e-mail  server. 

I  wasn’t  too  worried  about 
the  general  attack,  but  in  the 
middle  of  all  those  attempts, 
the  attacker  had  sprinkled  in 
real  e-mail  addresses  of  staff 
members.  It  was  clear  that 


This  attacker  had  a  list 
of  about  200  of  our 
employees’  e-mail  ac¬ 
count  names.  Perhaps 
someone  internal  had 
leaked  the  list? 


this  attacker  had  a  list  of 
about  200  of  our  employees’ 
e-mail  account  names.  Per¬ 
haps  someone  internal  had 
leaked  the  list? 

The  address  list  was  clearly 
an  old  one,  because  many  of 
the  people  on  it  had  left  the 
company.  But  if  the  attacker 
had  bothered  to  get  a  list  of 
real  addresses  for  our  compa¬ 
ny,  even  out-of-date  ones,  then 
surely  this  couldn’t  be  a  ran¬ 
dom  probe.  It  had  to  be  target¬ 
ed  directly  at  us. 

Attacker  Could  Return 

I  wasn’t  worried  by  the  first 
approach:  Trojan  horse  exe¬ 
cutables  in  e-mails  are  a  low 
risk  thanks  to  our  defenses. 
However,  if  an  attacker  was 
willing  to  put  the  effort  into 
picking  us  out  of  all  the  pos¬ 
sible  targets  and  writing  a 
new  Trojan  horse  for  his  at¬ 
tack,  then  he  was  unlikely  to 
give  up  once  he  realized  his 
e-mail  attack  had  failed.  He 
would  be  back,  but  with  Inter¬ 
net  Relay  Chat,  Web  or  in¬ 
stant  messaging  distribution 
of  his  software.  And  if  our 
desktops  weren’t  as  paranoid 
as  Messagelabs,  his  attack  just 
might  work. 

I  asked  Messagelabs  to  send 
my  team  and  me  a  copy  of  the 
code  so  we  could  analyze  it. 
Then  I  checked  the  news- 
groups.  Lots  of  people  were 
being  probed  in  this  way,  but 
only  by  spammers.  Nobody 
was  reporting  attempts  to 
sneak  Trojan  horse  code  in  by 
this  method. 

I  examined  the  executable. 
The  code  included  a  series  of 
addresses,  and  when  it  was 
run,  the  program  would  con¬ 
nect  to  a  Web  site  and  pull 
down  more  code.  I  asked  Mes¬ 
sagelabs  to  investigate  it  fur¬ 
ther  and  then  checked  out  the 
Web  address. 


I  found  it  mentioned  in  a 
few  postings,  but  these  were 
advertising  a  porn  dialer,  a 
Trojan  horse  tool  that  alters 
your  dial-up  Internet  connec¬ 
tion  to  call  a  premium-rate 
phone  number  in  a  foreign 
country,  secretly  running  up  a 
huge  phone  bill. 

Then  Messagelabs  contact¬ 
ed  us  to  say  that  it  had  identi¬ 
fied  the  software  as  something 
called  TROJ_DIALER.B,  and 
we  were  able  to  back  down 
to  a  more  relaxed  state.  It 
seems  that  this  wasn’t  the  first 
wave  of  a  targeted  attack  but 
rather  the  act  of  a  zealous 
spammer.  Over  the  next  few 
days,  other  companies  report¬ 
ed  the  same  probing. 

So  as  it  turns  out,  we 
weren’t  the  only  target;  we 
were  just  “lucky”  enough  to  be 
early  on  the  list  of  what 
turned  out  to  be  a  large  num¬ 
ber  of  targets. 

But  I’m  still  left  with  a  nag¬ 
ging  doubt.  What  if  the  only 
attacks  we  detect  in  all  the 
noise  are  those  that  aren’t  tar¬ 
geted?  If  an  attacker  can’t  be 
bothered  to  aim  at  a  target,  it 
seems  more  likely  that  he  will 
make  less  effort  to  hide  his  at¬ 
tacks.  Could  there  be  attacks 
that  are  targeted  but  stealthy 
enough  to  escape  detection? 

It  is  all  a  moot  point,  howev¬ 
er,  because  to  get  the  funds  re¬ 
quired  to  perfect  security,  I’ll 
need  evidence  of  the  targeted 
attacks  that  I  can’t  detect  amid 
all  the  other  events.  I 


WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,”  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

O  computerworld.com/secjournal 
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Security  Bookshelf 

Inside  the  Securi¬ 
ty  Mind:  Making 
the  Tough  Deci- 
sions,  by  Kevin 
Day;  Prentice  Hall 
PTR, 2003 

Some  authors  take 
the  view  that  secu¬ 
rity  is  a  science  and 
produce  theories 
and  models  to  try  to  explain 
the  reasons  behind  what  steps 
you  should  take  to  secure  your 
company.  Day  doesn’t  waste 
time  telling  you  why  his  ap¬ 
proach  works,  he  just  preach¬ 
es  that  it’s  the  best  one. 

He  defines  a  set  of  four 
virtues  and  eight  rules  of  secu¬ 
rity.  I  didn’t  think  they  would 
be  of  much  use,  because 
they  all  seem  obvious.  For  ex¬ 
ample,  his  rule  of  the  threefold 
process  states  that  security 
doesn’t  stop  at  implementa¬ 
tion  but  must  also  cover  moni¬ 
toring  and  maintenance.  But 
he  has  captured  an  elegant 
and  consistent  approach. 

I  haven't  yet  encountered  a 
security  situation  that  couldn’t 
be  resolved  within  the  frame¬ 
work  of  these  principles,  but 
this  book  did  teach  me  how  to 
to  use  my  experience  properly. 

-  Vince  Tuesday 

Symantec  Updates 
Framework  Line 

Symantec  Corp.  has  issued 
updated  versions  of  several 
products  under  its  new 
Symantec  Intrusion  Protection 
security  framework.  The  Cu¬ 
pertino,  Calif. -based  company 
refreshed  its  ManHunt  net¬ 
work  intrusion-detection  sys¬ 
tem  (IDS),  now  called  Syman¬ 
tec  Decoy  Server,  and  the  In¬ 
truder  Alert  host-based  IDS 
and  ManTrap  “honeypot” 
products,  now  called  Syman¬ 
tec  Host  IDS.  Decoy  Server 
now  permits  updates  to  sen¬ 
sors.  Host  IDS  includes  im¬ 
proved  process  management 
features  that  make  it  easier  to 
harden  applications  against 
attacks.  In  addition  to  Sun  So¬ 
laris  8  and  9,  it  now  supports 
Microsoft  Windows  XP,  2000 
and  NT  4.0. 
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There  are  plenty  of  ways  to  shorten  backup  windows.  And  StorageTek  is  just  the  company  to  find  the  one  that's  right 
for  you.  Maybe  it's  BladeStore  as  part  of  disk-to-disk  backup,  or  an  L-Series  automated  tape  library  with  our  superfast 


tape  drive  -  theT9940B.  Whatever  the  solution,  we  think  you  deserve  a  day  of  rest.  Learn  more  about  this  story  and 
other  ways  we  can  help  you  at  www.savetheday.com  STORAGETEK’  Save  the  Day:- 
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XOsoft  Upgrades 
Data  Rewinder 

New  York-based  XOsoft  inc.  last 
week  announced  Version  3.5  of 
its  Data  Rewinder  software  for 
disaster  recovery.  The  software 
allows  storage  administrators  to 
“undo”  application  and  database 
server  corruption,  according  to 
XOsoft.  The  standard  version  of 
Data  Rewinder  is  priced  at  $995, 
and  the  advanced  edition  costs 
$2,395. 


Concord  Releases 
EHealth  Suite  v5.6 

Concord  Communications  Inc.  in 
Marlboro,  Mass.,  announced  Ver¬ 
sion  5.6  of  its  eHealth  Suite.  The 
new  release  provides  an  embed¬ 
ded  Oracle  database,  expanded 
foreign  language  support  and 
faster  deployment  capabilities, 
the  company  said.  Pricing  starts 
at  $100,000. 


Mind  Electric  Java 
Platform  Updated 

The  Mind  Electric  Inc.  in  Addison, 
Texas,  last  week  announced  Ver¬ 
sion  4.1  of  its  Java-based  Web 
services  runtime  platform.  New 
features  include  support  for  the 
SOAP  1.2  standard  and  a  plug-in 
for  Borland  Software  Corp.’s 
JBuilder  tool.  The  standard,  entry- 
level  edition  of  the  product  is  free 
for  most  commercial  uses.  The 
professional  edition  sells  for 
$2,000  per  CPU. 


CommVault  Beefs 
Up  QiNetix  Platform 

CommVault  Systems  Inc.  in 
Oceanport,  N.J.,  announced  that 
it’s  adding  a  component  to  its 
QiNetix  Storage  Management 
Platform.  QiNetix  QNet  will  as¬ 
sess  an  application's  storage  con¬ 
sumption  by  correlating  how  the 
application  and  changing  data 
management  policies  affect  the 
storage  architecture.  Pricing 
starts  at  $1,000  or  $1,500  per 
backup  server  or  production  host, 
depending  on  the  configuration. 


ROBERT  L.  MITCHELL 


Bracing  for  the 
New  IMvacy  Lawk 


NE  WOULD  THINK  THAT,  some  eight 
years  into  the  Internet  age,  enlightened 
self-interest  would  have  motivated  finan¬ 
cial  services  and  e-commerce  vendors 
to  put  a  higher  value  on  maintaining  the 


integrity  of  customer  data. 

But  companies’  seeming  in¬ 
ability  to  follow  a  consistent 
and  reliable  security  model 
for  the  use  of  customer  data, 
and  the  secretive  approach 
taken  to  handling  credit 
card  security  breaches,  have 
helped  create  a  consumer 
backlash  —  and  a  torrent  of 
state  and  federal  legislation. 

The  latest  regulatory  sal¬ 
vo,  California  Senate  Bill 
1386  (SB  1386),  becomes  law 
July  1,  and  more  regulations 
are  coming.  The  law  requires  companies 
to  disclose  any  compromise  of  customer 
data  to  every  affected  consumer  residing 
in  California  within  48  hours.  And  if  you 
don’t  have  up-to-date  contact  informa¬ 
tion  for  those  consumers,  you  must  post 
a  notification  on  your  Web  site  —  the 
e-commerce  equivalent  of  a  scarlet  letter. 

Financial  services  companies  worry 
that  the  negative  publicity  associated 
with  disclosing  data  compromises 
could  wreak  havoc  with  consumer  con¬ 
fidence  in  both  e-commerce  and  the 
financial  services  industry.  Consumer 
fears  have  been  fueled  by  a  string  of 
high-profile  data  losses,  including  the 
compromise  of  some  8  million  credit 
card  numbers  at  card  processor  Data 
Processors  International  Inc.  (DPI)  last 
February.  Most  of  the  affected  card  as¬ 
sociations’  member  banks  didn’t  notify 
affected  customers,  despite  the  possi¬ 
bility  that  those  numbers  could  be  used 
in  conjunction  with  so-called  skip-trace 
database  services  online  to  gain  enough 
information  for  identity  theft. 

E-commerce  vendors,  left  in  the  dark 
about  which  card  numbers  were  affect¬ 
ed,  had  to  make  doubly  sure  they  were 


checking  card  verification 
codes  to  protect  themselves 
against  chargebacks.  Fear  of 
negative  publicity  has  kept 
the  issue  under  wraps.  Fear 
of  legal  penalties  and  law¬ 
suits  under  new  laws  will 
now  push  the  issue  to  the 
forefront  as  never  before. 

In  the  case  of  credit  card 
number  theft,  card  associa¬ 
tions  do  provide  security 
guidelines  to  merchants 
and  banks,  but  not  all  orga¬ 
nizations  abide  by  them, 
says  Julie  Fergerson,  chairman  of  the 
Merchant  Risk  Council  in  New  York.  “If 
DPI  had  done  the  [MasterCard]  Site 
Data  Protection  program . . .  the  break- 
in  never  would  have  occurred,”  she 
says.  Now  legislatures  have  stepped  in 
to  enforce  change. 

That  leaves  IT  professionals  to  strug¬ 
gle  with  the  intricacies  SB  1386  and  simi¬ 
lar  federal  legislation,  called  the  Data¬ 
base  Security  Breach  Notification  Act, 
that  Sen.  Dianne  Feinstein  (D-Calif.)  in¬ 
troduced  last  week.  Bills  pending  in  the 
Senate  include  the  Social  Security  Num¬ 
ber  Misuse  Prevention  Act  and  the  Pri¬ 
vacy  Act,  which  prohibit  the  display,  sale 
or  purchase  of  Social  Security  numbers 
and  other  personally  identifiable  infor¬ 
mation  without  the  consumer’s  permis¬ 
sion.  Another  bill,  the  Identify  Theft  Pre¬ 
vention  Act,  would  prohibit  the  printing 
of  full  credit  card  numbers  on  receipts. 

Ever  aware  of  a  sales  opportunity,  IT 
security  vendors  are  madly  waving  red 
flags,  hoping  to  cash  in  on  the  SB  1386 
bonanza.  Since  this  law  exempts  data 
that’s  encrypted  from  the  disclosure 
rules,  storage  security  vendors  like  Kas- 
ten  Chase  Applied  Research  Inc.  are 
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trumpeting  the  risks  of  network  storage 
—  and  promoting  PKI-based  authenti¬ 
cation  and  encryption  at  the  storage  de¬ 
vice  level  for  “at  rest”  data.  But  encrypt¬ 
ing  stored  data  isn’t  as  easy  as  vendors 
make  it  sound.  “It  breaks  a  lot  of  index¬ 
ing  and  backup  schemes,”  says  John 
Pescatore,  an  analyst  at  Gartner  Inc. 

Encryption  also  doesn’t  protect  com¬ 
panies  from  insider  attacks,  which  ana¬ 
lysts  say  are  at  least  as  common  as  ex¬ 
ternal  threats.  Liquid  Machines  Inc.  in 
Lexington,  Mass.,  extends  encryption  to 
data  retrieved  in  queries.  Policies  set  in 
Active  Directory  or  another  LDAP- 
compliant  directory  service  control 
user  access;  results  can  be  pasted  into 
and  viewed  locally  within  supported 
applications  such  as  Excel  and  Word. 

All  usage  is  centrally  monitored. 

Another  start-up,  San  Francisco- 
based  Vontu  Inc.,  offers  a  surveillance 
tool  to  help  monitor  access  to  sensitive 
data  and  “quarantine”  it  when  issues 
arise,  while  Cupertino,  Calif.-based 
StrongAuth  Inc.  offers  compliance  man¬ 
agement  and  SB  1386  policy  templates. 

Such  technologies  can  provide  tactical 
support,  but  do  you  need  them?  Organi¬ 
zations  with  well-designed  security  poli¬ 
cies  and  infrastructures  will  probably 
exceed  the  legal  hurdles  these  rules  set, 
analysts  say,  although  compliance-moni¬ 
toring  tools  may  also  be  needed.  And 
every  organization  handling  sensitive 
consumer  data  should  be  using  encryp¬ 
tion.  Implementing  that  is  no  picnic,  and 
that’s  where  vendors  could  be  of  help. 

“The  product  vendors  should  focus 
on  making  it  easier,  not  on  trying  to 
drum  up  fear,  uncertainty  and  doubt 
with  every  new  law  that  comes  along,” 
says  Pescatore.  Fortunately,  vendors 
seem  eager  to  rise  to  that  challenge.  I 
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IT  and  engineering  must  join  to 
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process  networks,  like  at  Du  Pont, 
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leading  the  effort  to  protect  such 
systems.  Page  38 
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ANOTHER 

DIGIT  ANOTHER 

DEADLINE 

Shades  of  Y2k:  U.S.  retailers  must 
update  their  systems  to  handle 
longer  bar  codes  by  Jan.  1, 2005. 

BY  KATHLEEN  MELYMUKA 


HE  IT  DEPARTMENT  at  Ahold 
Information  Services  in  Green¬ 
ville,  S.C.,  has  been  working  for 
years  toward  a  deadline  that’s 
little  known  outside  the  retail  world. 

“We  began  designing  data  warehous¬ 
es  and  new  projects  three,  four,  even 
five  years  ago  with  this  in  mind,”  says 
Ed  Gropp,  chief  business  and  technol¬ 
ogy  officer  at  the  subsidiary  of  Ahold 
USA  Inc.,  which  operates  U.S.  super¬ 
markets  including  the  Stop  &  Shop  and 
Giant  Food  chains.  The  company  is 
“fairly  well  along,”  Gropp  says,  and 
he’s  confident  Ahold  will  be  ready. 

But  others  in  the  retail  industry  are 
less  prepared. 

The  dust  has  barely  settled  over  Y2k, 
and  there’s  another  technology  dead¬ 
line  approaching.  Sunrise  2005  is  the 
Uniform  Code  Council  Inc.’s  (UCC) 
mandate  by  which  all  U.S.  manufactur¬ 
ers,  distributors  and  retailers  must  be 
able  to  process  new,  longer  product 


codes  by  2005.  Like  Y2k,  this  is  a  busi¬ 
ness  issue  that  involves  database  field 
formats,  so  responsibility  falls  heavily 
on  IT.  Like  Y2k,  it’s  a  seemingly  simple 
task  that  becomes  more  complex  as 
you  get  more  involved.  And  like  Y2k, 
it  leaves  most  retailers  with  no  choice 
but  to  comply. 

A  Globalization  Issue 

Sunrise  2005  is  essentially  about  nu¬ 
merical  limits  and  globalization.  In  the 
1990s,  the  Lawrenceville,  N.J.-based 
UCC,  which  assigns  the  12-digit  uni¬ 
versal  product  codes  (UPC),  deter¬ 
mined  that  the  numbers  would  even¬ 
tually  run  out  if  more  digits  weren’t 
added.  The  council  notified  retailers 
in  1997  that  as  of  Jan.  1, 2005,  it  would 
introduce  13-digit  UPCs  and  that  they 
would  have  to  be  able  to  process  them. 

Sunrise  2005  is  also  a  step  toward 
global  synchronization  of  retail  data, 
which  is  expected  to  cut  precious  time 


and  billions  of  dollars  out  of  the  supply 
chain.  Current  UPCs  conflict  with  the 
eight-  to  13-digit  European  Article  Num¬ 
bering  (EAN)  codes  used  throughout 
the  rest  of  the  world. 

When  foreign  products  are  traded 
here,  they  must  be  relabeled  so  that 
U.S.  12-digit  systems  can  read  them,  a 
time-consuming,  expensive  and  error- 
prone  effort.  This  relabeling  will  end 
in  2005. 

A  final  twist:  Sunrise 
2005  requires  that  U.S. 
retailers  be  able  to 
process  13  digits,  but  the 
UCC  recommends  that 
they  process  14  digits. 

That’s  because  14-digit 
codes  will  be  required 
for  global  synchroniza¬ 
tion  as  well  as  emerging 
supply  chain  tools  such 
as  reduced  space  sym¬ 
bology  (RSS)  and  radio¬ 


frequency  identification  (RFID). 

Although  Sunrise  2005  also  affects 
manufacturers,  the  bigger  issue  is  for 
retailers,  says  Pam  Stegeman,  vice 
president  of  supply  chain  and  tech¬ 
nology  at  Grocery  Manufacturers  of 
America  Inc.  in  Washington.  Manufac¬ 
turers  won’t  need  to  change  UPCs  on 
existing  products,  and  their  back-end 
systems  can  already  process  14-digit 
codes,  which  are  often 
used  on  packing  crates. 

Many  retailers  with 
large  volumes  of  inter¬ 
national  trade  have 
been  processing  EAN 
code  for  years.  “Wal- 
Mart  is  compliant  and 
has  been  for  several 
years,”  says  Linda  Dill- 
man,  CIO  at  Wal-Mart 
Stores  Inc.  “Because  we 
have  global  systems, 
which  means  the  same 


WHAT  IS  IT? 

Sunrise  2005 

The  Uniform  Code  Council 
requires  that  U.S.  manufac¬ 
turers,  distributors  and  retail¬ 
ers  be  able  to  process  13-digit 
product  codes  by  Jan.  1, 

2005.  (The  current  U.S.  stan¬ 
dard  is  12  digits.)  The  UCC 
recommends  that  companies 
move  to  14-digit  codes. 
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What’s  in  It  for  You? 


According  to  the  Global  Commerce  Ini¬ 
tiative,  an  organization  of  retailers,  man¬ 
ufacturers  and  the  UCC  and  EAN  Interna¬ 
tional,  Sunrise  2005  compliance  can 
bring  productivity  improvements  of  1% 
to  3°/o  in  supply  chain  costs,  improving 
the  bottom  line  by  10%  to  15%  per  year. 
Specifically,  the  group  says  Sunrise 
2005  will: 

■  Eliminate  costs  associated  with 
correcting  inaccurate  information. 

■  Automate  more  tasks. 

■  Serve  customers  better  through  a 
wider  variety  of  product  sources. 

■  Support  food-safety  initiatives  by 
better  identification  and  tracing  of 
tainted  products. 

■  Improve  trading  partner  relation¬ 
ships  through  better  communication. 

■  Reduce  product  introduction  time. 

The  sooner  your  company  gets  with 


the  program,  the  sooner  you  begin  to 
benefit.  “There  are  benefits  to  getting 
done  early,"  says  Patrick  Walsh,  director 
of  industry  relations  at  the  Food  Manu¬ 
facturing  Institute.  “You  get  an  edge  on 
the  competition  in  product  assortment 
and  the  ability  to  accelerate  e-commerce 
business  applications”  using  emerging 
tools  such  as  RSS  and  RFID. 

Christine  Overby,  a  senior  analyst  at 
Forrester  Research  Inc.,  agrees.  “Firms 
that  get  an  early  start  sharing  clean  data 
with  their  trading  partners  will  use  money 
formerly  wasted  on  inefficient  processes 
to  seed  investments  in  new  technology 
innovations  like  RFID,”  she  says.  “These 
first  movers  will  distance  themselves 
from  the  pack  as  these  new  investments 
further  reduce  inefficiencies  while  im¬ 
proving  customer-service  levels.” 

-  Kathleen  Melymuka 


applications  support  all  of  our  opera¬ 
tions  in  other  countries,  we  have  sup¬ 
ported  a  13-,  14-digit  product  code 
since  the  mid-’90s.” 

The  Navy  Exchange  Service  Com¬ 
mand  is  also  ready.  “We  are  an  interna¬ 
tional  retailer,  so  we  already  deal  with 
13-digit  EAN  codes,  and  our  system 
will  support  14,”  says  Bill  Finefield,  re¬ 
tiring  CIO  at  the  Virginia  Beach  retail¬ 
er  for  Navy  bases  and  ships.  Because 
many  software  vendors  cater  to  inter¬ 
national  companies,  all  his  systems 
were  built  to  be  compliant  with  inter¬ 
national  standards,  he  says. 

Alan  Garton,  director  of  channel 
management  for  general  merchandise 
at  the  UCC,  says  that  a  large  percent¬ 
age  of  traditional  department  stores 
and  mass  retailers  are  already  compli¬ 
ant.  “Big-box”  retailers  of  appliances 
and  electronics  are  a  “mixed  bag,”  he 
says.  Some  are  ready;  others  still  have 
work  to  do. 

But  grocery  retailers  are  lagging 
because  many  have  older  systems 
that  were  set  up  in  the  1970s  and 
’80s.  Among  grocers,  global  retailers 
like  Ahold  tend  to  be  working  on  re¬ 
mediation,  and  national  chains  are  at 
least  gearing  up,  says  Patrick  Walsh, 
director  of  industry  relations  at  the 
Food  Marketing  Institute  in  Washing¬ 
ton.  “The  challenge  is  whether  the 
wholesale  community  and  small,  inde¬ 
pendent  operators  will  be  prepared,” 
he  says. 

Failure  to  comply  isn’t  seen  as  po¬ 
tentially  catastrophic  —  just  unwise. 


“This  is  not  a  Y2k  in  any  way,  shape 
or  form,”  says  Gropp.  “Companies  are 
not  going  out  of  business  if  this  doesn’t 
get  done.” 

“It  won’t  cause  systems  to  crash,” 
Garton  explains.  “You  can  still  do  busi¬ 
ness,  though  you  may  have  to  recon¬ 
struct  data  and  fix  problems.” 

Huge  point-of-sale  problems  aren’t 
anticipated,  because  scanners  built 
since  the  mid-1980s  can  al¬ 
ready  process  13-digit 
codes.  The  trouble  will 
arise  if  larger  codes  are 
incompatible  with  back¬ 
end  databases. 

“Even  if  point-of-sale 
scanners  can  read  the  bar 
code,  you  won’t  be  able  to  process  the 
data  as  a  result  of  the  scan,”  says  Chris 
Sellers,  a  Chicago-based  retail  consul¬ 
tant  at  Electronic  Data  Systems  Corp. 

In  other  words,  you  may  be  able  to 
sell  an  item  to  a  customer,  but  your  in¬ 
ventory  systems  won’t  know  it’s  gone, 
your  stocking  system  won’t  reorder, 
and  your  revenue  systems  won’t 
record  the  sale.  The  trouble  this  could 
cause  will  depend  on  the  volume  of 
non-U.S.  items  and  new  items  with 
13-digit  UPCs  that  you  trade. 

Remediation,  Again 

Sunrise  2005  is  like  Y2k  in  that  retail¬ 
ers  have  to  hunt  down  and  expand 
numeric  fields  in  their  databases.  But 
it’s  also  different.  “It’s  not  a  date  field, 
which  is  relatively  discreet  and  easy  to 
find,”  Sellers  notes.  And  the  code  can 


show  up  in  unexpected  places.  For 
example,  product  codes  are  used  inter¬ 
nally  in  financial  systems  and  external¬ 
ly  with  suppliers  of  materials  and 
packaging,  distributors,  and  logistics 
services.  “It’s  messy,”  says  Gropp. 
“These  numbers  show  up  in  almost 
every  report,  every  screen,  every  file 
you  process.” 

Gropp  has  integrated  the  Sunrise 
2005  remediation  into  virtually  every 
IT  project  for  years.  “It’s  not  one  thing; 
it’s  a  piece  of  a  lot  of  other  projects,” 
he  says.  “Every  time  we  get  into  a  sys¬ 
tem  or  we’re  designing  a  new  applica¬ 
tion,  we  make  sure  that  it  can  process 
the  codes,”  he  explains.  “If  we’re  up¬ 
dating  a  purchasing  application,  we  in¬ 
corporate  this  into  it.” 

More  Hurdles 

Finding  the  code  is  one  challenge,  but 
there  are  others.  Under  the  current 
UPC  system,  the  first  half  of  the  num¬ 
ber  is  a  vendor  ID,  the  second  half  is  a 
product  ID.  The  code  as  a  whole  is 
supposed  to  be  “nonintelligent,”  signi¬ 
fying  nothing  except  a  unique  product. 
But  some  retailers  have  been  “parsing” 
the  code,  using  the  first  six  digits  as  a 
vendor  reference  code  to  point  to  their 
internal  data  on  that  vendor.  Parsing 
the  code  in  this  way  will  no  longer 
work.  Because  EAN  codes  and  new 
UPC  codes  will  have  vendor  numbers 
up  to  10  digits  in  length,  the  first  six 
digits  will  no  longer  be  unique. 

If  retailers  want  to  use  the  number 
as  a  vendor  reference,  they 
will  need  to  use  the  entire 
number,  Garton  says. 

“But  the  tougher  part  is 
how  people  have  entire 
systems  built  on  this,”  he 
says.  “I  believe  this  [prob¬ 
lem]  is  bigger  than  most 
people  are  admitting.” 

For  companies  that  have  yet  to  begin 
remediation,  the  time  and  effort  in¬ 
volved  will  depend  on  their  size,  the 
state  of  their  technology  and  whether 
they  have  been  parsing  code.  EDS’s  Sun¬ 
rise  2005  services  for  large  companies 
include  a  four-  to  six-week  assessment 
and  a  three-  to  nine-month  remediation. 

The  current  economic  doldrums  and 
enduring  Y2k  fatigue  among  execu¬ 
tives  make  this  a  difficult  time  to  gar¬ 
ner  enthusiasm  for  another  IT  dead¬ 
line.  Gropp  says  that  among  his  peers, 
other  priorities  have  often  taken  prece¬ 
dence.  “They  say,  ‘I’ve  got  other  proj¬ 
ects  with  higher  return,’  ”  he  says. 

You  can  put  Sunrise  2005  on  your 
company’s  radar  by  accentuating  the 
positive,  Sellers  says.  “You  don’t  want 
to  say,  ‘We  have  to  do  this,’  ”  he  ex- 
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Sunrise  2005 
Compliance 

Retailers  were  asked  whether  they  could 
support  the  following  product  codes  today; 
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plains.  “You  want  to  say,  ‘Here  are  the 
benefits.’  ”  (See  “What’s  in  It  for  You?”) 

Sunrise  2005  is  a  voluntary  deadline, 
but  if  you  deal  in  a  large  volume  of 
non-U.S.  or  new  products  or  you  share 
data  electronically  with  suppliers,  it 
should  be  a  priority.  “If  you  want  good 
customer  service  and  you  want  to 
share  standardized  data,  you  have  to 
do  this,”  Garton  says.  Finefield  agrees. 
“We  learned  years  ago  that  the  best 
thing  you  can  do  is  be  standards- 
compliant,”  he  says.  “Typically,  retail¬ 
ers  wait  too  long  and  then  hurry  to 
catch  up.  If  it’s  going  to  impact  your 
business,  you  need  to  do  it.”  I 
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IT  and  engineering  must  work  together  to  secure  dangerously 
vulnerable  process  networks.  By  Mathew  Schwartz 


WHEN  AN  EMPLOYEE 
from  an  Australian 
company  that  makes 
manufacturing  soft¬ 
ware  got  fired  in  early 
2000,  he  applied  for  a 
job  with  the  local  gov¬ 
ernment,  but  was 

turned  down.  In  retaliation,  he  got  a 
radio  transmitter,  went  to  a  nearby 
hotel  where  there  was  a  sewage  valve, 
and  used  the  radio  to  hack  into  the 
local  government’s  computerized 
waste  management  system. 

Using  software  from  his  former  em¬ 
ployer,  he  released  millions  of  gallons 
of  raw  sewage  near  the  hotel  grounds 
and  into  rivers  and  parks. 

“He  did  this  46  times  before  he  was 
caught,”  notes  Joe  Weiss,  a  process- 
control  cybersecurity  expert  and  con¬ 
sultant  at  the  Cupertino,  Calif.,  office 
of  Kema  Consulting.  “The  first  20 
[times],  they  didn’t  even  know  it  was 
cyber,”  meaning  an  external  attack 
launched  using  a  computer,  he  says. 
“From  20  to  45,  they  finally  figured  it 
was  cyber,  but  they  didn’t  catch  him 
until  46.”  Though  this  person  never 
worked  for  the  wastewater  utility,  he 
was  still  able  to  break  into  its  supervi¬ 


sory  control  and  data  acquisition  sys¬ 
tem,  which  was  designed  with  a  big  se¬ 
curity  assumption  in  mind  —  that  only 
insiders  would  want  to  access  it. 

Hundreds  of  thousands  of  similar 
process  systems  and  networks  used  in 
dozens  of  industries  worldwide  remain 
dangerously  vulnerable.  And  like  it  or 
not,  IT  managers  need  to  address  this 
problem  despite  three  enormous  chal¬ 
lenges:  the  traditional  barriers  be¬ 
tween  IT  and  the  engineers  who  typi¬ 
cally  run  process  networks,  the  highly 
customized  nature  of  process  applica¬ 
tions,  and  the  lack  of  security  software 
for  process  applications  and  networks. 

Historically,  IT  has  had  little,  if  any¬ 
thing,  to  do  with  process-control  sys¬ 
tems,  because  they  run  reliably  and 
rarely  crash.  Instead,  IT  focused  strict¬ 
ly  on  corporate  data  networks.  But  that 
needs  to  change,  experts  say. 

Process-control  networks  are  to 
manufacturing  environments  what  IT 
is  to  an  office  —  endemic.  For  exam¬ 
ple,  more  than  2,400  oil,  natural  gas 
and  chemical  companies  in  the  U.S. 
employ  process-control  networks  in 
their  manufacturing  systems.  Other 
heavy  users  of  process  networks  in- 

Continued  on  page  40 
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DB2  Information  Management  Software 


See  disparate  data  united. 

See  old  and  new  become  one. 
See  bits  of  data  become  insight. 
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insight  and  opportunity:  rows  and  columns,  video  and  e-mail,  audio  and  Web.  It  works  wherever  your 
data  lives:  Oracle,  Microsoft  or  IBM:,  it  works  in  real  time,  across  platforms:  Linux,  Windows,  UNIX.  Insight 
is  yours.  On  demand.  Faster  than  ever.  For  a  DB2  Information  Integrator  Kit,  visit  ibm.com/db2/integrate 
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Continued  from  page  38 
elude  the  power,  water,  food,  drug,  au¬ 
tomobile,  metal,  mining  and  manufac¬ 
turing  industries. 

For  example,  process  networks  in 
the  chemical  industry  control  chemi¬ 
cal-making  equipment  and  monitor 
sensors.  If  anything  goes  wrong,  such 
networks  react  by  adjusting  the  envi¬ 
ronment  in  predefined  ways,  such  as 
shutting  off  gas  flow  to  prevent  leaks 
or  explosions. 

One  company  that’s  taking  process 
network  security  seriously  and  involv¬ 
ing  IT  is  Du  Pont  Co.  in  Wilmington, 
Del.  Tom  Good,  a  project  engineer  at 
the  chemical  manufacturer,  has  been 
leading  its  20-month-old  effort  to  cate¬ 
gorize  and  reduce  its  process-control 
system  vulnerabilities. 

Du  Pont’s  philosophy  for  dealing 
with  this  problem,  he  says,  is  that  “on 
all  of  our  critical  manufacturing  proc¬ 
esses,  we  are  either  going  to  totally 
isolate  our  process  systems  from  our 
business  systems  by  not  connecting 
our  networks,  or  we’re  going  to  put  in 
firewalls  to  control  access.” 

To  tackle  process-control  network 
security,  Good  says  Du  Pont  formed  a 
team  made  up  of  IT  staffers,  who  un¬ 
derstand  networks  and  cybersecurity; 
process-control  engineers,  who  under¬ 
stand  the  process-control  equipment; 
and  manufacturing  employees,  who 
understand  manufacturing  risks  and 
vulnerabilities. 

To  give  the  three  groups  visibility, 
each  reports  to  a  separate  member  of 
a  committee  that’s  leading  the  effort. 
The  team  first  discerned  which  control 
devices  are  critical  to  manufacturing, 
safety  and  continuity  of  production. 
Then  the  team  identified  the  assets  of 
each  —  hardware,  data,  software  appli¬ 
cations  —  and  researched  relevant  vul¬ 
nerabilities.  Only  then  did  it  begin  the 
arduous  task  of  testing  fixes  and  work¬ 
arounds  to  see  which  ones  might  work 
for  which  machines. 

Even  in  a  manufacturing  environ¬ 
ment  that  uses  similar  process-control 
hardware  and  software,  precise  vulner¬ 
abilities  differ  by  environment.  “Deal¬ 
ing  with,  say,  a  water  treatment  proc¬ 
ess  on  effluent  out  of  a  plant  is  consid¬ 
erably  different  than  dealing  with  a 
production  operation,  where  you 
might  be  dealing  with  vessels  under 
high-temperature  and  high-pressure 
conditions,”  says  Good. 

On  the  basis  of  its  research,  the  team 
is  also  deciding  how  to  separate  net¬ 
works  and  where  process-control  fire¬ 
wall  appliances  should  go.  High-end 
enterprise  firewalls  aren’t  required; 
each  process  network  supports  only  10 
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to  50  users.  “The  greater  cost  is  in  the 
network  equipment  and  re-engineer¬ 
ing  activities  to  separate  networks  and 
place  critical  process-control  devices 
together  on  the  clean  side  of  the  fire¬ 
wall,”  says  Good.  “The  challenge  is  to 
accomplish  these  tasks  on  online  con¬ 
trol  systems  while  keeping  the  process 
running.” 

The  Challenge 

Until  about  15  years  ago,  most  process- 
control  networks  were  secure  because 
they  were  extremely  proprietary.  Then 
customers  demanded  less  expensive 
front  ends  and  TCP/IP  networking. 
Such  networking  opened  up  process- 


control  systems  to  common  vulnera¬ 
bilities,  then  the  Internet,  yet  the  un¬ 
derlying  systems  weren’t  strengthened 
to  make  up  the  security  difference. 

The  methods  IT  uses  to  secure  data 
networks  can’t  be  used  to  quickly  se¬ 
cure  control  systems.  Every  compo¬ 
nent  can  have  multiple  critical  func¬ 
tions.  For  example,  at  a  refinery,  vari¬ 
ous  sensors  help  ensure  safety  when 
filling  tankers  —  whether  there’s  a 
truck  beneath  the  filler,  whether 
there’s  gas  available.  If  the  truck’s 
tanker  reads  full  or  the  truck  moves 
away,  the  process  must  interrupt. 

Process-control  hardware  is  also  dif¬ 
ficult  to  secure.  Application  custom¬ 
ization  is  so  rife  that  it’s  impossible  to 
run  antivirus  software  on  some  PCs 
and  Unix  boxes,  says  Kris  Zupan,  CEO 
and  chief  technology  officer  at  e-DMZ 
Security  LLC,  also  in  Wilmington. 


Likewise,  patching  the  operating  sys¬ 
tem  can  require  rewriting  the  applica¬ 
tion.  In  the  rare  cases  when  applica¬ 
tions  can  be  patched,  shutting  down 
the  always-on  machines  is  costly  — 
and  a  patch  might  have  unintended  ef¬ 
fects  and  compromise  production. 

Other  information  security  tools 
don’t  work  well  in  these  environments 
either;  for  example,  complicated  pass¬ 
words  can  slow  access  in  an  emer¬ 
gency.  As  a  result,  every  machine  of  a 
particular  type  worldwide  may  have 
the  same  password.  In  other  words, 
anyone  who  has  ever  used  one  type  of 
machine  theoretically  has  access  to  all 
machines  of  that  type. 


IT  managers  everywhere  will  have 
to  learn  that  safety  in  process  control 
is  paramount.  That’s  a  switch.  IT’s  tra¬ 
ditional  goal  is  “data  confidentiality, 
data  integrity  and  data  availability,” 
says  Theresa  Grant,  director  of  infor¬ 
mation  security  at  The  Dow  Chemical 
Co.  in  Midland,  Mich.  “However,  in  the 
process-control  arena,  the  very  first 
objective  is  safety,  the  second  is  safety, 
and  the  third  is  operational  integrity.” 
If  certain  systems  fail,  people  can  die. 

To  help  companies  assess  and  reme¬ 
diate  process-control  vulnerabilities, 
various  initiatives  are  under  way.  The 
Instrumentation,  Systems  and  Auto¬ 
mation  Society,  a  Research  Triangle 
Park,  N.C.-based  standards  body,  is  de¬ 
veloping  best  practices  for  securing 
process-control  networks. 

Various  organizations,  including  pe¬ 
troleum  and  chemical  trade  associa¬ 


tions,  have  commissioned  studies  to 
find  best  security  practices  for  their  in¬ 
dustries.  Studies  in  hand,  they  hope  to 
persuade  each  industry  to  implement 
security  best  practices. 

Another  initiative,  at  least  at  Du 
Pont,  is  to  get  Microsoft  Corp.  to  better 
detail  its  patch  practices.  Good  says 
too  much  time  is  spent  testing  patches 
to  make  sure  they  work  with  the 
process-control  applications,  when  in 
many  cases,  the  patch  might  not  even 
be  applicable. 

Du  Pont  sat  down  with  Microsoft 
representatives  and  “exposed  them  to 
our  world  of  safety  —  where  any  safety 
incident  is  unacceptable,”  says  Good. 

“I  don’t  know  where  the  awareness¬ 
building  will  lead.  If  Microsoft  mea¬ 
sures  what  it’s  doing  as  ‘better’  be¬ 
cause  it  had  200  fixes  this  year  vs.  250 
fixes  last  year,  there’s  obviously  a  gap 
in  meeting  the  level  of  performance 
that  is  important  to  our  industry.” 

The  more  realistic  solution  is  for  IT 
and  engineering  departments  to  coop¬ 
erate  on  the  problem.  For  example,  IT 
knows  how  to  better  secure  things  — 
“change  management,  release  manage¬ 
ment,  providing  things  of  that  nature,” 
says  Dow’s  Grant.  Engineers  under¬ 
stand  process-control  intricacies. 

Hence,  any  fix-it  team  needs  both 
kinds  of  experts,  as  well  as  anyone  else 
with  a  stake  —  manufacturing,  supply 
chain  —  to  help  explain  what  touches 
what.  That  team  would  map  comput¬ 
ers,  processes  and  networks  and  test 
where  security  can  be  applied.  It’s 
exacting  work,  warns  Zupan:  “If  you 
modify  the  controlling  system,  it  can 
produce  hazards  that  not  even  the 
designers  predicted.” 

The  irony,  of  course,  is  that  compa¬ 
nies  demanded  off-the-shelf  compo¬ 
nents,  and  now  they’re  paying  the 
security  price.  Network  separation  is 
likewise  no  simple  panacea.  “It’s  been 
there  in  limited  fashion  [before],  but  a 
lot  of  times,  there’s  a  lot  of  back  doors 
and  a  lot  of  Web  front  ends  that  need 
to  be  protected  as  well,”  says  Michael 
Rasmussen,  an  analyst  at  Forrester 
Research  Inc. 

Process-control  hardware  can  have 
a  life  span  of  15  years.  No  doubt,  some 
security  vulnerabilities  will  remain  as 
long  as  current  hardware  remains  in 
use.  By  tackling  the  greatest  risks, 
however,  companies  can  help  mini¬ 
mize  their  process-control  system  vul¬ 
nerabilities  and  better  secure  manufac¬ 
turing  environments.  I 


Schwartz  is  a  freelance  writer  in 
Somerville,  Mass.  He  can  be  reached 
at  Mat@Penandcamera.com. 


HOWTO  GET  STARTED 


1  Understand  and  acknowledge 
that  there’s  a  problem.  For  IT 

managers,  “one  of  the  biggest 
things  is  literally  just  understanding” 
the  issues,  says  Kema’s  Joe  Weiss. 


Mitigate  the  IT/engineering  cul¬ 
ture  clash.  “One  approach  that 
can  be  taken  is  just  awareness  - 
sitting  down  with  the  right  folks  on  the 
manufacturing  side,  taking  them  out  for 
lunch  and  sharing  with  themBour  infor¬ 
mation  security  strategies.  HaMg  that 
SnR,  that’s  where  it  begins,"  says 
Dow  Chemical’s  Theresa  Grant. 


3  Work  on  cross-functional 
teams.  IT  needs  to  “work  with  op¬ 
erations  on  a  day-to-day  basis”  to 
really  understanfcrocess  systems, 


Hs  really  applicable  to  these  types 
of  systems  and  what  is  needed  to  im¬ 
prove  their  security,  says  Weiss. 


Get  your  CIO  involved.  Engi¬ 
neers  report  to  the  vice  president 
of  operations  or  manufacturing;  IT 
reports  to  the  CIO.  They’re  in  different 
silos.  ^^Hvo  need  to  talk,  along 
with  the  heads  <Hisk  management 
H  physical  security. 


Foster  a  leadership  group. 

Dow  created  a  global  information 
management  team  with  represen¬ 
tatives  from  all  work  processes  to 
share  irBrmation  and  challenBs  that 
other  lines  of  business  might  not  un¬ 
derstand. 

-  Mathew  Schwartz 
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From  the  leader  in  collaboration,  a  new  way  to  do  business  that  increases  responsiveness  and  simplifies 
access  to  people,  information  and  processes.  Lotus  Workplace  delivers  wide-scale  collaboration  for  everyone 
in  your  workforce.  Openly.  Flexibly.  Affordably.  With  business  results  on  demand.  To  learn  more  about  the 
first  Workplace  offering,  see  our  demo  of  Lotus  Workplace  Messaging  "at  ibm.com/lotus/seeworkplace 
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Shell  uses  a  Web-based  system  to  reduce 
the  costs  and  headaches  of  procuring 
short-term  labor,  by  thomas  hoffman 


Like  other  big,  geographically 
dispersed  companies,  Shell 
Oil  Products  US  spent  a  lot 
of  money  on  temporary  con¬ 
tract  labor  to  fill  short-term 
requirements  for  everything  from  ac¬ 
counting  to  IT  consulting. 

But  while  the  Houston-based  sub¬ 
sidiary  of  Shell  Oil  Co.  still  spends 
nearly  $100  million  annually  for  con¬ 
tract  labor,  it  now  takes  a  more  cost- 
effective  approach,  thanks  to  its  imple¬ 
mentation  late  last  year  of  a  contingent 
workforce  management  system. 

The  Web-based  system  from  Denver- 
based  IQNavigator  Inc.  helps  Shell  Oil 
Products  automate  its  contingent  work¬ 
force  management  processes,  includ¬ 


ing  supplier  qualification,  requests  for 
proposals,  time-and-expense  entries 
and  invoicing. 

Prior  to  the  initiative,  functional  and 
business  departments  throughout  Shell 
Oil  Products  applied  a  hodgepodge  of 
manual  processes  to  manage  tempo¬ 
rary  and  contract  labor,  says  Kim 
Chapman,  team  leader  for  the  contin¬ 
gent  workforce  management  project. 
“We  were  spending  quite  a  bit  of  mon¬ 
ey,  and  the  team  was  charged  with 
looking  at  how  we  could  reduce  our 
spending”  through  improved  sourcing 
and  better  rates,  says  Chapman. 

The  team,  which  included  represen¬ 
tatives  from  Shell  Information  Tech¬ 
nology  International  Group  —  an  IT 


services  arm  that  supports  multiple 
Shell  divisions  —  set  a  goal  of  reducing 
contingent  workforce  spending  by  8% 
annually.  Thanks  to  the  use  of  IQNavi¬ 
gator,  a  set  of  process  improvements 
and  a  reduction  in  the  number  of  labor 
suppliers  it  worked  with,  Shell  Oil 
Products  was  able  to  surpass  its  annual 
cost  savings  target  in  less  than  two 
months. 

Reducing  the  number  of  contingent 
labor  suppliers  was  one  of  the  first 
steps.  For  instance,  Shell  Oil  Products 
had  been  working  with  more  than  20 
suppliers  of  temporary  administrative 
personnel,  says  Chapman.  But  it’s 
now  working  with  just  four  preferred 
suppliers. 

By  consolidating,  Shell  Oil  Products 
is  in  a  better  position  to  negotiate  la¬ 
bor  rates,  and  there  are  fewer  supplier 
relationships  to  manage.  The  consoli¬ 
dation,  as  well  as  automation  and 
process  improvements,  lets  Shell 
Oil  Products  get  volume  and  early- 
payment  discounts  from  its  labor  sup¬ 
pliers.  By  virtue  of  these  discounts, 
the  company  has  cut  its  payments  to 
new  contractors  by  an  average  of  28%, 
Chapman  says. 

The  labor  vendors  like  it,  too,  be¬ 
cause  it  means  they  can  become  pre¬ 
ferred  providers  for  all  of  the  divisions 
of  the  company,  not  just  one  or  two. 

“It’s  a  vendor’s  dream.  It’s  still  up  to 
you  to  perform,  but  now  you  won’t  be 
limited”  in  the  number  of  corporate  di¬ 
visions  you  can  work  with,  says  Pam¬ 
ela  O’Rourke,  president  of  Icon  Infor¬ 
mation  Consultants  LP,  one  of  the  pre¬ 
ferred  consultants  that  Shell  Oil  Prod¬ 
ucts  taps  for  temporary  labor. 

Getting  Suppliers  to  Pay 

One  reason  Shell  Oil  Products  has  got¬ 
ten  such  swift  returns  on  its  invest¬ 
ment  is  that  it’s  not  paying  for  IQNavi¬ 
gator.  The  software  is  paid  for  by  labor 
suppliers  such  as  Icon  Information. 

Having  suppliers  pay  access  fees  for 
contingent  workforce  management 
software  “has  become  the  norm  in  the 
industry,”  says  O’Rourke.  She  points  to 
similar  arrangements  Icon  has  with  J.P. 
Morgan  Chase  &  Co.  and  Waste  Man¬ 
agement  Inc.,  where  system  access  fees 
typically  range  from  3%  to  5%  of  an  in¬ 
voice,  she  says. 

A  Gartner  Inc.  report  last  year  la¬ 
beled  IQNavigator  a  “trendsetter”  in 
this  market  niche  and  said  the  compa¬ 
ny  had  an  impressive  lineup  of  large 
customers.  But  while  the  use  of  con¬ 
tingent  workforce  management  sys¬ 
tems  might  be  gaining  traction  in  the 
U.S.,  it  hasn’t  drawn  much  interest  in 
Europe,  notes  Wolfgang  Bernhart,  a 


SHELL  OIL 
PRODUCTS  US 

HEADQUARTERS:  Houston _ 

PARENT  COMPANY:  ShellOilCo^ 

BUSINESSES:  An  oil  refiner  and  mar- 
keter,  with  four  refineries  in  the  west¬ 
ern  U.S.;  if  sells  fuel  at  22,000  gas 
stations  (along  with  partner  Motiva 
Enterprises  LLC).  The  company  also 
makes  lubricants  such  as  motor  aii. 

HISTORY:  The  unit  was  acquired 
from  Texaco  and  recently  absorbed 
Pennzoil-Quaker  State. 

SOURCES:  WWW.HOOVERS.COM: 
WWW.SHELLOILPRODUCTSUS.COM 

consultant  at  Arthur  D.  Little  GmbH 
in  Wiesbaden,  Germany. 

At  Shell  Oil  Products,  Chapman 
says,  the  biggest  challenge  was  getting 
different  departments  to  change  the 
way  they  procure  temporary  and  con¬ 
tingent  labor  and  to  be  willing  to  use  a 
smaller  number  of  suppliers. 

“We’re  trying  to  educate  people  in¬ 
ternally  that  this  is  business  and  that 
we’re  trying  to  get  the  right  people  at 
the  right  price,”  says  Chapman.  “Peo¬ 
ple  don’t  like  that  kind  of  scrutiny  and 
aren’t  always  accepting  of  that  level  of 
change.” 

So  it  didn’t  hurt  that  the  company’s 
CEO  and  chief  financial  officer  spon¬ 
sored  the  project. 

To  help  other  departments  and  divi¬ 
sions  accept  the  new  approach  to  hir¬ 
ing  contract  labor,  Chapman  and  his 
team  “did  a  lot  of  change  management 
work,”  he  says.  It  included  holding 
awareness  sessions  with  suppliers  and 
internal  managers  and  communicating 
the  benefits  of  the  new  approach. 
“Some  areas  were  more  receptive  than 
others,”  says  Chapman. 

Nevertheless,  the  project  is  moving 
apace.  In  December,  Shell  Oil  Prod¬ 
ucts’  human  resources,  supply  chain 
and  special  projects  groups  were 
added  to  the  system.  The  IT  division 
and  retail  operations  units  were  added 
in  February  and  March,  respectively, 
followed  by  the  company’s  transporta¬ 
tion  division  in  April  and  Its  refining 
and  lubricants  businesses  in  May. 

The  overhaul  has  transformed  the 
way  Shell  does  business  with  labor  pro¬ 
viders.  Says  Chapman,  “We  couldn’t 
have  done  this  five  years  ago.”  I 


TAMM  TEMP  COSTS 

Read  about  Carlson  Companies  Inc.  and  other  big 
businesses  that  are  using  temp  management  software: 
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See  it  fixed  b<  fore  it’s  broken. 

See  the  problem  before  it  occurs. 
See  IT  and  business  goals  as  one 


Tivoli  Intelligent  Management  software.  It’s  here  now:  software  that  self-configures,  self-heals, 
self-optimizes  and  self-protects.  On  demand.  With  Tivoli,  on  demand  business  is  more  manageable 
than  ever.  You’ll  spend  less  time  worrying  about  mundane  tasks  and  more  time  on  important  things  — 
like  business  results.  For  a  customized  analysis  of  how  Tivoli  can  help  you,  visit  ibm.com/tivoli/seeit 


IBM,  Tivoli,  the  e-busmess  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and'or  other  countries. 
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Companies  Lack 
E-mail  Policies 

Employers  are  doing  a  poor  job  of 
managing  employee  e-mail  and 
preparing  for  potential  e-mail- 
related  lawsuits  and  regulatory  au¬ 
dits,  according  to  a  recent  survey 
of  1,100  companies  from  the  Amer¬ 
ican  Management  Association,  The 
ePolicy  Institute  and  Clearswift 
Ltd.  Here  are  some  key  points: 

■  34%  of  employers  have  imple¬ 
mented  written  e-mail  retention 
and  deletion  policies. 

■  22%  have  fired  employees  for 
violating  e-mail  policies. 

■  14%  have  been  ordered  by  a 
court  or  regulatory  body  to  produce 
e-mail,  up  from  9%  in  2001. 

■  48%  offer  e-policy  education, 
and  27%  provide  e-mail  retention 
and  deletion  training. 

■  90%  have  installed  software  to 
monitor  incoming  and  outgoing 
e-mail,  but  only  19%  use  technolo¬ 
gy  to  track  internal  e-mail. 


Former  GE  Exec 
Joins  Solectron 

Marc  Onetto,  a  former  General 
Electric  Co.  executive,  last  week 
joined  Solectron  Corp.  in  Milpitas, 
Calif.,  as  executive  vice  president 
of  worldwide  operations.  Onetto, 
52,  will  be  responsible  for  world¬ 
wide  manufacturing,  materials 
management,  quality,  new  product 
introduction,  IT,  logistics  and  re¬ 
pair  operations. 
From  1992 
through  last  year, 
he  held  several 
positions  at  GE, 
including  CIO  in 
the  GE  Medical 
Systems  unit. 


E-billing  Cuts  Costs 

A  B2B  biller  could  save  $2.7  mil¬ 
lion  per  year  by  delivering  all  busi¬ 
ness  bills  over  the  Web.  Paper  bills 
cost  an  average  of  $5  each  to  pro¬ 
duce  and  deliver;  Web-based  bills 
cost  $2  each,  according  to  a  Gart¬ 
ner  Inc.  survey  of  100  large  com¬ 
panies  that  send  an  average  of 
75,000  bills  each  month. 


NORBERT  J.  KUBILUS  ■  PEER  TO  PEERS 


Sarbanes-Oxley:  Where 
IT  and  Finance  Meet 


THERE’S  A  GIANT  SIGH  OF  RELIEF  rising 
in  the  executive  suites  and  corporate 
boardrooms  of  large,  publicly  held  compa¬ 
nies  around  the  country.  Why?  Because 
the  U.S.  Securities  and  Exchange  Commis¬ 
sion  has  postponed  implementing  certain  key  sections 
of  the  Sarbanes-Oxley  Act  for  nine  months.  This  gives 
the  SEC  more  time  to  complete  the  regulations  that  all 
SEC-regulated  companies  will  have  to  follow. 


Postponing  SarbOx  (as 
it’s  affectionately  called) 
will  give  CEOs,  CFOs  and 
external  auditors  more 
time  to  institute  proce¬ 
dures  for  keeping  track  of 
all  financial  information, 
from  the  moment  of  incep¬ 
tion  to  the  final  submission 
in  an  annual  report  to  the 
SEC.  It  also  delays  the 
SarbOx  mandate  that  every 
public  company  submit  an 
annual  report  to  the  SEC 
that  assesses  the  effective¬ 
ness  of  its  internal  controls  for  finan¬ 
cial  reporting. 

Sounds  like  a  purely  financial  issue, 
right?  Not  quite. 

Yes,  SarbOx  is  fundamentally  finan¬ 
cial  legislation.  Enacted  in  part  as  a  re¬ 
action  to  Enron  and  other  corporate  fi¬ 
nancial  scandals,  the  law’s  goal  is  for 
public  companies  to  produce  more 
complete  and  accurate  financial  re¬ 
ports.  The  emphasis  on  internal  con¬ 
trols,  however,  goes  far  beyond  poli¬ 
cies,  procedures  and  external  audits. 

The  SEC  still  must  define  what  “in¬ 
ternal  controls”  means  in  terms  of 
compliance  regulations,  but  one  thing 
is  almost  certain:  Any  public  company 
that  utilizes  IT  as  part  of  its  financial 
business  processes  will  find  that  IT 
controls  are  included  in  the  definition. 
SarbOx  compliance  could  also  mean 
an  overhaul  or  upgrade  of  financial 


transaction  and  reporting 
systems  for  most  compa¬ 
nies,  regardless  of  size,  in 
order  to  meet  regulatory 
requirements  for  more  ac¬ 
curate,  more  detailed  and 
speedier  filings. 

So  far,  CIOs  have  been 
warming  the  bench,  while 
CEOs,  CFOs,  attorneys  and 
auditors  attempt  to  address 
known  and  anticipated 
SarbOx  compliance  issues. 
Now  is  the  time  for  the 
CIO  to  get  into  the  game 
and  step  up  to  take  the  lead  on  the  IT 
control  issue.  The  CIO  should  view 
the  IT  organization  and  infrastructure 
as  if  he  were  the  CEO  of  a  “business 
within  the  business.”  Would  the  CIO 
be  comfortable  putting  his  neck  on  the 
line  during  a  SarbOx  compliance  au¬ 
dit?  Probably  not. 

Although  regulations  haven’t  been 
defined  for  compliance  with  SarbOx 
Section  404  —  which  mandates  an  au¬ 
dit  of  internal  controls  —  there  are  a 
number  of  areas  where  the  CIO  can 
apply  common  sense  and  best  prac¬ 
tices  to  comply  with  the  act’s  goals. 

Examining  the  control  processes 
within  the  IT  organization  relating  to 
financial  systems  is  the  logical  place  to 
start.  For  example,  segregation  of  du¬ 
ties  within  the  systems  development 
staff  is  a  widely  recognized  best  prac¬ 
tice  that  helps  prevent  errors  and  out¬ 


right  fraud.  The  people  who  code  pro¬ 
gram  changes  should  be  different  from 
the  people  who  test  them,  and  a  sepa¬ 
rate  team  should  be  responsible  for 
production  change  control. 

Homegrown  financial  systems  are 
fraught  with  potential  data-integrity 
problems,  but  packaged  systems  aren’t 
totally  immune,  either.  Although  lead¬ 
ing  ERP  systems  offer  audit-trail  func¬ 
tionality,  customizations  of  these  sys¬ 
tems  often  bypass  those  controls.  The 
CIO  has  to  work  with  internal  and  ex¬ 
ternal  auditors  to  ensure  that  cus¬ 
tomizations  can  pass  muster. 

Closely  related  to  development  and 
change  controls  are  project  manage¬ 
ment  methodologies.  The  leading 
cause  of  systems  implementation  fail¬ 
ure  continues  to  be  poor  project  man¬ 
agement.  The  CIO  must  ensure  that 
the  IT  department  has  a  process  to  en¬ 
sure  a  successful  selection  and  imple¬ 
mentation  of  new  or  upgraded  finan¬ 
cial  systems  within  defined  schedules, 
budgets  and  acceptable  levels  of  risk. 

Records  management  is  another 
area  of  concern  for  the  CIO  as  the 
long-term  custodian  of  corporate  data. 
How  a  company  stores  and  transmits 
electronic  documents  —  and  whether 
or  not  they’re  deleted  —  can  have  sig¬ 
nificant  legal  and  financial  conse¬ 
quences.  The  CIO  should  work  with 
the  CEO,  CFO  and  corporate  attorneys 
to  create  a  document-retention-and- 
destruction  policy  that  addresses  what 
types  of  electronic  documents  should 
be  saved  —  and  for  how  long. 

Ultimately,  SarbOx  compliance  will 
require  a  close  working  relationship 
involving  the  CEO,  CFO  and  CIO.  Get¬ 
ting  into  the  game  starts  with  running 
IT  as  a  business  and  strengthening  IT 
internal  controls.  I 


MORE  COVERAGE 


See  all  of  Computerworld' s  coverage  of  the 
Sarbanes-Oxley  Act  at  our  Web  site: 


OQuickLink  a3250 

www.computerworld.com 


See  old  apps  combine  with  new  apps. 
See  customers  connect  with  partners. 
See  today’s  stuff  click  with  tomorrow’s 


WebSphere  Business  Integration  is  far  and  away  the  leading  integration  software  for  the  on  demand 
era.  Open  and  flexible,  WebSphere  lets  you  model,  integrate  and  manage  all  of  your  business 
processes.  WebSphere  delivers  an  infrastructure  that  quickly  responds  to  change,  meeting  business 
demands,  on  demand.  For  an  Integration  InfoKit  and  case  studies,  visit  ibm.com/websphere/seeit 
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Data  Warehouse 
Architect  Specialist 

A  global,  Boston-area  company 
engaged  in  the  design,  manufac¬ 
ture  and  sale  of  consumer  prod¬ 
ucts,  has  an  immediate  need  for  a 
highly  skilled  Data  Warehouse 
Architect  Specialist  in  their  Data 
Architecture  and  Capacity  Plan¬ 
ning  group.  This  senior,  mentor- 
level  position  is  responsible  for 
analyzing  financial,  manufactur¬ 
ing  and  retail  sales  data  and  con¬ 
verting  business  decision  support 
requirements  into  implementable 
relational  and  multi-dimensional 
data  and  database  models,  and 
maintaining  them  within  an  Ora¬ 
cle  8i  data  warehousing  environ¬ 
ment.  Minimum  education  is  a 
Bachelor's  degree  in  Computer 
Science,  Mathematics,  MIS,  or 
similarly  relevant  field.  Minimum 
experience  required  is  five  (5) 
years  post-degree  business  sys¬ 
tems  intelligence  experience  in¬ 
volving  relational  data  modeling 
and  database  design,  to  include  3 
years  of  data  warehousing  for 
manufacturing  and  retail  opera¬ 
tions.  Specific  requirements  in¬ 
clude  demonstrated  ability  to 
model  complex  business  require¬ 
ments  into  both  relational  and 
star-schema  /  snowflake  concep¬ 
tual  and  logical  data  models, 
leading  to  Oracle  8i-compliant 
physical  models.  Also  required  is 
the  demonstrated  ability  to  utilize 
the  ERwin  modeling  tool,  and  the 
Oracle  Express  reporting  tool. 
Additionally  required  is  the  dem¬ 
onstrated  ability  to  develop,  eval¬ 
uate,  enhance,  and  maintain  data 
modeling  standards  and  metada¬ 
ta  repositories.  Finally  required  is 
the  demonstrated  ability  to  code 
in  ANSI  SQL  in  an  Oracle  8i  envi¬ 
ronment  on  a  UNIX  platform. 
Base  salary  is  $99,200  per  year. 
Benefits  include  ten  (10)  days 
paid  vacation,  medical,  dental, 
disability,  life  insurance,  and  other 
industry-competitive  benefits. 
Qualified  applicants  respond  with 
two  (2)  copies  of  resume  only  to: 
Case  #  2002-02334,  Labor 
Exchange  Office,  19  Stamford 
Street,  1st  Floor,  Boston,  MA 
02114.  An  EOE/MFHV. 


SOFTWARE  PROGRAMMER 

Participate  in  software  dvlpmnt 
process,  including  generation  of 
software  specs  &  reqrmnts, 
prep,  of  detailed  software  dsgn 
documentation,  modular  decom¬ 
position  of  abstract  functional 
reqrmnts  into  software  module 
specs  &  templates,  software 
code  walk-throughs  &  reviews, 
&  black  box/white  box  testing. 
Will  utilize  C  &  C++  program¬ 
ming  langs.  in  Embedded  soft¬ 
ware  for  communication/network 
software  dvlpmnt,  COM  compo¬ 
nent  dvlpmnt,  Basic  language  as 
used  in  Vis.  Basic  environment, 
&  Java  language.  Will  work  in 
Windows  NT  operating  sys. 
including  Windows,  COM,  & 
ActiveX  component  technolo¬ 
gies,  MS  Office,  Networking, 
Communication  &  related  tools. 
Utilize  software  config.  &  control 
tools.  BS  in  Comp.  Sci.  or 
Engmg  +  4  yrs  exp.  in  position 
offered  or  as  a  Software  Engnr 
or  Sys.  Engnr.  Must  have:  (i) 
exp.  w/C  &  C++  programming 
languages,  COM  component 
dvlpmnt,  Basic  &  Java  lan¬ 
guages,  Windows  NT  operating 
sys.,  ActiveX,  MS  Office  &  relat¬ 
ed  tools  &  software  config.  & 
control  tool;  &  (ii)  worked  on 
Network/Communication  soft¬ 
ware  dvlpmnt,  incl.  working 
knowledge  of  SNMP  V2  MIBs. 
40  hrs/wk,  OT  as  reqd.  8  am  -  5 
pm,  $64,240/yr.  Applicants 
submit  resumes  to  Site 
Manager,  PA  CareerLink  - 
Westmoreland  County,  300  East 
Hillis  Street,  Youngwood,  PA 
15697-1808.  Please  refer  to 
Job  Order  Number  WEB 
337601. 


Software  Engineer:  Participate  in 
the  development  design  specifica¬ 
tions  and  implementation  of  com¬ 
mercial  applications.  Ensure  design 
integrity,  timely  delivery  and  high 
code  quality  of  implemented  work. 
Will  participate  in  the  design,  devel¬ 
opment  and  support  of  proprietary 
software  solutions  in  Web-based 
and  Client/Server  architecture.  De¬ 
velop  software  using  Object  Ori¬ 
ented  Design  technologies  to  cre¬ 
ate  flexible  large  scale  databases 
and  information  management  sys¬ 
tems.  Requires:  M.S.  in  Computer 
Science  or  an  Engineering  or  quan¬ 
titative  field  with  no  experience  or 
B.S.  in  Computer  Science  or  Engin¬ 
eering  or  quantitative  field  and  5 
years  experience  in  software  devel¬ 
opment.  Demonstrated  ability  in 
Java,  C  ++,  XML,  Visual  C  ++,  and 
MFC.  Demonstrated  knowledge  of 
multiplatform  development  distrib¬ 
uted  design  concepts  and  data 
base  access.  40hrs/wk  (8:00  a.m. 
to  5:00  p.m.)  $90,461.00/yr.  Send 
two  resumes/responses  to:  Case 
Number  200201557,  Labor  Ex¬ 
change  Office,  19  Staniford  Street, 
1st  Floor,  Boston,  MA  02114. 


Senior  Developer:  Design  and  de¬ 
velop  customized  user  tools  for 
various  client  applications  using  e- 
commerce  technologies  and  sys¬ 
tems  integration  with  object  orient¬ 
ed  analysis  and  design.  Develop 
E-commerce  projects  using  J2EE 
architecture,  develop  components 
using  EJB,  Servlets,  JSP,  JMS, 
Java  Cryptography,  Applets, 
Beans,  Java  Applications.  Work 
on  components  to  access  different 
types  of  databases  LDAP,  Oracle 
and  DB2.  Work  with  Rational 
Rose  to  design  object  model  for 
projects.  Work  on  data-Warehous- 
ing  projects  using  Oracle,  Hyper¬ 
ion,  Cognos,  MicroStrategy.  Work 
on  tools  for  Y2K  conversions  us¬ 
ing  REXX,  ISPF,  COBOL.  Imple¬ 
ment  projects  Y2K  projects  Using 
CICS,  COBOL,  PL/1,  DB2,  IMS, 
DB/DC,  JCL,  PACBASE,  MANTIS 
and  MVS.  Requires:  Bachelors  in 
Electrical  Engineering  or  its  equiv¬ 
alence  and  2  years  experience  in 
e-commerce  technologies.  40hrs/ 
wk  (8:00  AM  to  5:00  PM); 
$84,000.00/yr.  Send  two  resumes/ 
responses  to:  Case  Number 
200202467,  Labor  Exchange 
Office,  19  Staniford  Street,  1st 
Floor,  Boston,  MA  02114. 


Architect,  Hardware  Develop¬ 
ment  Group.  Responsible  for  1) 
Algorithm  Development  and 
Simulation  aimed  at  proving  out 
algorithms  for  incorporation  into 
future  graphics  cores, 
(2)Algorithm  Migration  aimed  at 
implementation  specification  for 
graphics  chip, (3)  supporting  chip 
development  team  for  such 
implementation,  and(4)  Industry 
and  Academia  interaction 
including  giving  presentations 
and  writing  technical  papers. 
Requires  Ph.D.  in  Computer 
Science  plus  4  years  exp.  in  job 
offered  or  4  years  directly  relat¬ 
ed  professional  experience. 
Rate  of  pay:  $ 100,000.00/year. 
Hours:  40/week  -  9  am  to  5pm. 
Reply  by  resume  only  (2  copies) 
to  Case  #  200201558,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114 


Senior  Design  Verification  Test  En¬ 
gineer:  Develop  and  integrate  all 
aspects  of  hardware  diagnostics. 
Will  develop  read/write  and  device 
driver  capability  for  new  hardware 
product  components  using  in  real 
time  operating  OS  in  addition  to 
working  on  data  communication 
technologies  such  as  SONET/ 
SDH.  10/100  Ethernet,  ATM  and 
legacy  transport  protocols  such  as 
DS1  and  DS3.  Requires:  Bachelor 
of  Science  in  Electronics  and  En¬ 
gineering  and  2  years  experience 
in  Information  Technology.  Must 
have  hands  on  knowledge  of  C, 
C++,  Assembly,  and  OOD  comput¬ 
er  languages.  40hrs/wk  (8:00  AM 
to  5:00  PM);  $77,000.00/yr.  Send 
two  resumes/responses  to:  Case 
Number  200202532,  Labor  Ex¬ 
change  Office,  19  Staniford  Street, 
1st  Floor,  Boston,  MA  02114. 


Software  Engineer 
(Bioinformatics) 

Genaissance  Pharmaceuticals,  Inc. 
has  an  immediate  opening  in  its 
New  Haven,  Connecticut  facility  for 
a  Software  Engineer  (Bioinformat¬ 
ics).  Will  develop  and  execute  soft¬ 
ware  system  test  plans  and  perform 
various  database,  data  mining,  inte¬ 
gration  research,  and  design  and 
testing  assignments  in  the  develop¬ 
ment  of  computer  systems  and  ap¬ 
plications  in  the  field  of  Bioinformat¬ 
ics.  Must  possess  a  Ph.D.  in  Life 
Sciences,  Mathematics,  Physics,  or 
Computer  Science;  and  relevant 
work  experience,  including  experi¬ 
ence  with  mathematical  modeling 
and  concepts,  such  as  probability 
and  statistical  inferences  and  algo¬ 
rithmic  proofs,  socket  programming 
for  BSD  Kernel  and  Java,  Oracle 
computing-based  environment,  Ja¬ 
va  and  SQL  programming  lang¬ 
uages,  and  UNIX  operating  system. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above  and 
specify  reference  code  SZ/SEB  or  it 
will  be  rejected.  Forward  resume  to: 
Leigh  Webb,  Human  Resources 
Associate,  Genaissance  Pharma¬ 
ceuticals,  Inc.,  Five  Science  Park, 
New  Haven,  CT  06511.  We  are  an 
equal  opportunity  employer. 


SOFTWARE  ENGINEERS  (Mult¬ 
iple  Openings):  Candidate  must 
have  1-4  yrs.  of  exp.  in  Software 
Development/Programming. 
BS/MS  Comp.Sci/Engg/Bus.  or 
related  field.  Exp.  in  all  phases  of 
software  development  life  cycle. 
Knowledge  of  EJB,  Vea  Web 
Logic,  Sebsphere,  RMI,  DB2, 
PowerBuilder,  Rational  Rose,  C, 
C++,  Java,  J2EE,  J-Builder,  Visual 
Basic,  JDBC,  XML,  HTML,  LDAP, 
PHP,  Oracle,  Sybase,  ASP,  COM/ 
DCOM,  SAP,  SQL,  Apache  Web 
Server,  CICS,  JCL,  ABAP,  Siebel, 
and  Object  Oriented  Program¬ 
ming  Languages.  Exp.  in  GUI 
development  on  Windows  plat¬ 
forms.  Familiarity  with  both  UNIX 
&  Windows  environment.  Know¬ 
ledge  of  TCP/IP,  SSH  &  Web 
Services.  Exp.  with  Windows  da¬ 
tabase  technologies  &  database 
design.  Strong  teamwork  &  com¬ 
munications  skills.  May  require 
traveling  to  client  sites  in  the  U.S. 
Top  $$  +  bnfts.  Mail  resume  to: 
Yash  Technologies,  Inc.,  605, 17th 
Ave.,  Suite  #1,  East  Moline,  IL, 
61244. 


BellSouth,  a  leader  in  providing 
local  and  cellular  telephone,  pag¬ 
ing  and  mobile  data  services  has 
multiple  openings  for  the  follow¬ 
ing  positions  in  its  Atlanta, 
Georgia  office: 

Senior  Software  Developer 
Software  Engineer 
Portal  Content  Analyst  -  Latin 
Market  -  Spanish  fluency  required 
Channel  Analyst 

All  positions  require  a  relevant 
bachelor's  or  master's  degree  or 
foreign  degree  equivalent  and  rel¬ 
evant  experience  including  expe¬ 
rience  with  Homebase  software. 

For  consideration,  please  forward 
your  resume  to:  Ms.  Lisa 
Burlingame,  BellSouth,  2247 
Northlake  Parkway,  Suite  800, 
Tucker,  Georgia  30084.  Please 
do  not  email  or  fax  resumes. 
EOE. 


Software  Engineers  & 
Programmers:  Analyze,  design, 
develop,  test  and  maintain  a 
highly  sophisticated/interactive 
Web  Portal,  e-commerce  and 
content  management  system 
encompassing  over  500  cate¬ 
gories  and  22,000  products/ser¬ 
vices  and  software  solutions 
employing  state  of  the  art  engine 
search  technology  including 
DB2  7.0,  WebSphere  3.5,  IBM 
Server,  Tomcat,  Oracle/Oracle 
9iAS,  WebLogic,  Microsoft  Visio, 
UML,  P3P,  IBM  policy  Editor, 
SilverPop  &  Accucast  email 
servers,  SalesLogix,  Proficient, 
Web  Trends  &  KeyLine  tracking, 
Starteam,  Unix  Shell  Scripting, 
Ultra  edit,  Top  Style  Pro,  XML, 
J2EE  and  related  technologies. 
For  Info  or  to  apply,  contact 
Human  Resources,  Knowledge- 
Storm,  Inc.,  2520  Northwinds 
Parkway,  Suite  300,  Alpharetta, 
GA  30004.  EOE.  No  phone  calls 
please. 


Aluminum  Blanking  has  open¬ 
ings  for  system  or  programmer 
analyst  responsible  for  Oracle 
database  administration  & 
Intranet  management.  Candid¬ 
ates  must  have  BS  with  exp.  in 
Oracle  DBA.  We  offer  competi¬ 
tive  wage  with  full  benefits. 
Please  contact: 
landerson@albi.com.  EOE 

IT  professionals  (program¬ 
mers/system  analysts,  software 
engineers)  wanted  by  Advanced 
Technology  Group  USA. 
Minimum  requirement  is  BS. 
Skills  in  Java,  Oracle,  SQL, 
HTML,  WebLogic,  JSP,  VB,  EJB 
are  strong  plus.  Please  send 
resume  to  info@atgusainc.com. 
EOE 


Application  Development  Con¬ 
sultant  needed  at  client  sites  to 
build  telecom  enterprise  busi¬ 
ness  appl  systems  for  business 
n/work  inventory  mgmt  &  svc 
delivery:  For  web  based  GUI 
dvlpmt  using  tools  such  as  Java, 
JSP,  Servlet,  XML,  XSL,  Java 
Script,  Perl/CGI  on  servers  such 
as  Oracle9iAS,  Apache,  JURN, 
Web  Logic,  Tomcat;  &  for  back¬ 
end  &  interface  using  tools  such 
as  C++,  Java,  CORBA,  EJB, 
JDBC,  XSQL:  +  tools  on  Unix, 
PC  &  Oracle  DB.  Send  resume 
to:  Hireme,  Global  Consultants, 
25  Airport  Rd,  Morrisown,  NJ 
07960. 


Prog/Analysts(Job  90)  to  ana¬ 
lyze,  design/develop  and  en¬ 
hance  online  &  batch  programs 
using  Java,  JSP,  Jscript, 
Servlets,  HTML,  COBOL,  CICS, 
DB2  etc.  under  Windows  and 
IBM  ES  9000  envir;  perform 
unit/system  level  testing,  req¬ 
uirement  analysis;  implement 
new/modified  programs;  debug, 
maintain, document  process. 
Require:  B.S.  or  foreign  equiv. 
in  CS/Engg(any  branch)  &  2  yrs 
of  exp.  in  IT.  Send  Resume  to: 
Priscilla  Vickers/HR, 

Transplace,  509  Enterprise 
Drive,  Lowell,  AR  72745.  Must 
specify  on  cover  letter  applying 
to  Job  90. 


Systems _ & _ Software _ lest 

Engineer  -  ReqS  BS-CS/CE  with 
lyr  exp.  Knowledge  of  iDen 
Technology  &  phone  configura¬ 
tions;  IPTF,  ISDS,  Xflash,  Wedb- 
JAL,  RSS,  DOTS,  &  Clear  Case 
req'd.  Mail  resumes  to  Signature 
Consultants,  2200  W.  Commer¬ 
cial  Blvd,  #207,  Ft.  Lauderdale, 
FL  33309. 

Software  Developer  -  Reqs  BS 
or  equiv.  CS/CE  with  lyr  exp. 
Knowledge  of  iDen  Technology, 
UIS  frame  work  of  iDen  phones 
and  phone  configurations,  SDS, 
IPTf,  Xflash,  WedbJAL,  RSS, 
DDTS,  Clear  Case  req'd.  Mail 
resumes  to  Signature  Consult¬ 
ants,  2200  W.  Commercial  Blvd., 
#207,  Ft.  Lauderdale,  FL  33309. 


BellSouth,  a  leader  in  provid¬ 
ing  local  and  cellular  tele¬ 
phone,  paging  and  mobile  data 
services  has  multiple  openings 
for  the  position  of  Systems 
Administrator  in  its  Atlanta, 
Georgia  office:  Position  re¬ 
quires  relevant  bachelor's  de¬ 
gree  or  foreign  degree  equiva¬ 
lent  and  relevant  experience. 
For  consideration,  please  for¬ 
ward  your  resume  to:  Ms.  Lisa 
Burlingame,  BellSouth,  2247 
Northlake  Parkway,  Suite  800, 
Tucker,  Georgia  30084. 
Please  do  not  email  or  fax 
resumes.  EOE. 


Computer  Programmers: 
Must  have  4  years  of 
experience  plus  a  BS  in 
Comp/Elect  Eng  or  relat¬ 
ed  field.  Mediaspace 
Solutions,  101  Merritt  7, 
3rd  Floor,  Norwalk,  CT 
06851.  Please  send 
resumes  to  jobs@ 
mss-mail.com  in  MS 
Word  or  Adobe  Acrobat 
format. 


|P» 

Kama 


Kama  Consulting  Inc. 
TOP  $$’s,  W2  or  1099 

We  are  a  fast  growing 
Consulting  company  based 
in  New  Jersey. 
Excellent  opportunities  for 
Programmers, 

Systems  Analysts,  DBAs. 

Sun  Solaris  System  Admins, 
Natural,  Webshere, 
ADABAS,  ORACLE,  SYBASE, 
PROGRESS,  COBOL,  C++ 
TCP/IP,  Delphi/VB,  Windows  NT 

Send  your  resume  to 
Rod  McFadden 
Kama  Consulting 
Fax:  704-896-9660 
Email:  rod@kamaco.com 


THE  WOP  I  D'S  BEST 
IT  TOOL  IS  IN 
YOUR  HANDS, 


THE  WORLD’S  BEST 
IT  TALENT  IS  AT 
OUR  SITE. 

WHAT  ELSE  WOULD  YOU 
EXPECT  FROM  THE  ONE  AND 
ONLY  CAREER  RESOURCE 
FOR  READERS  OF 
COMPUTERWORLD, 
INFOWORLD  AND 
NETWORK  WORLD? 


COME  OX, 

RECRUIT  OUR  READERS 
AND  YOiri.E  RECRUIT 
LESS  OFTEN 

w  w  w.  i  t  c  a  r  e  e  r  s .  e  oni  : 
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Network  Systems  and  Data 
Communications  Analyst: 
Analyze  user  &  software  reqs  & 
plan  computer  systems  of  net¬ 
works;  analyze,  evaluate,  test  & 
troubleshoot  computer  systems, 
computer  networks,  PBX  net¬ 
work,  telecomm  systems  &  AA/ 
systems;  design  info  and  comm 
system;  augment  existing  net¬ 
work  of  computers,  printers, 
scanners,  projectors,  etc;  man¬ 
age  user  accts  in  network.  Req 
Bachelor's  degree  in  Electronics 
Eng'g.  or  related,  or  equiv  and  1 
yr  exp  in  job  offered  or  as 
Network  Eng'r.  $14. 67/hr,  40 
hpw,  M-F,  8a-5p.  Send  resume 
to  Larry  Farish,  Manager, 
Premier  Hospitality  LLC,  400 
Greymont  Ave.,  Jackson  MS 
39202. 


Prog  Analysts  to  analyze, 
design  s/w  appls  using  SAP 
R/3,  ABAP/4,  Workflow 
Technology,  C,  C++,  VB, 
Oracle,  MS  SQL  Server  on 
UNIX  and  Windows  os;  gather 
and  document  reqs  from  user 
community;  test/troubleshoot 
project  appl  code  according  to 
system  objectives.  Require  a 
B.S.  or  foreign  equivalent  in 
CS/Engg  (any  branch)  or  relat¬ 
ed  field  with  2  yrs  exp  in  IT. 
Highsalary.  F/T  position.  Travel 
Required.  Resume  to  HR, 
Smartsoft  International,  Inc., 
4898,  South  Old  Peachtree  Rd, 
Norcross,  GA  30071 


Look  i  i  For 
A 

>  ew  Career? 


The  new 
itcareers.com 
and 

^^^■Joumal.com 
combined 
jobs  database 
can  help  you 
find  one. 
Check  us  out! 
www.itcareer^^H 


Oracle  Apps  DBA:  Design,  devel¬ 
op,  implement  &  test  the  business 
applications  in  areas  of  database 
optimization,  logical  &  physical 
database  design,  data  extraction, 
conversion,  migration,  proce¬ 
dures,  data  modeling  using  ora¬ 
cle  9i,  8i,  8.0,  PL/SQL,  Oracle 
Designer,  Developer  2000  & 
relational  database  tools  on  a 
UNIX  system.  Exp  with  systems 
support  on  Solaris  &  Websphere 
App.  Server,  performance  tuning, 
Erwin,  E/R  studio  designer,  pow¬ 
er  designer.  Informatics  &  Oracle 
enterprise  manager.  Req  MS  in 
Comp.  Sci.  Engg/Rel  field  with  2 
yrs  exp  or  BS  with  5  yrs  exp. 
Wages:  $75,000/yr,  40  hrs/wk, 
8am-5pm.  Send  2  resumes  to: 
Case  #200202165,  Labor  Ex¬ 
change  Office,  19  Staniford  St. 
1st  FI.,  Boston,  MA  02114. 


VegaStream,  lnc„  located  in 
Boca  Raton  is  seeking  F/T  expd. 
Manager  of  Product  Support  to 
research,  design,  and  developing 
of  computer  software  systems,  in 
conjunction  with  hardware  prod¬ 
uct  development.  Analyze  soft¬ 
ware  requirements  to  determine 
feasibility  of  design  within  time 
and  cost  constraints.  Consult  with 
hardware  engineers  and  other 
engineering  staff  to  evaluate 
interface  between  hardware  and 
software,  and  operational  and 
performance  requirements  of 
overall  system.  Formulate  and 
design  software  system,  using 
scientific  analysis  and  mathemat¬ 
ical  models  to  predict  and  mea¬ 
sure  outcome  and  consequences 
of  design.  Bachelor’s  degree  in 
Computer  Science,  competitive 
salary.  Fax  resume  to  H.R. 
(561)  995-6027. 


Sys/Analysts  to  analyze, 
design,  customize  and  imple¬ 
ment  businessappls  using 
Oracle  Financial  Applications, 
PL/SQL,  SQL  Plus,  SQL  Loader 
and  Oracle;  perform  data  con¬ 
versions,  customize  Forms/ 
Reports  using  Oracle  Applica¬ 
tions  standards;  document, 
maintain  &  update  development 
process;perform  tuning,  modifi¬ 
cation,  troubleshooting  and 
debugging  of  system  soft¬ 
ware. Require:  BS  or  foreign 
equiv  with  concentration  in 
CS/Engg(any  branchj/Business 
admin.  &  2  yrs  exp  in  IT.  In  lieu 
of  BS,  3  yrs  of  academic  stud¬ 
ies  towards  a  Bachelors  plus 
lyrs  of  exp  in  Oracle 
Applications  will  be  accepted. 
Travel  required.  High  salary. 
F/T.  Resume  to:  HR,  Fourth 
Technologies,  Inc.,  585  Tollgate 
Road  Suite  I,  Elgin,  IL  60123. 


Prog  Analysts  to  analyze, 
design,  code  and  maintain 
web/client  server  applications 
using  Java,  C,  C++,  CORBA, 
J2EE,  HTML,  Servlets,  XML, 
Weblogic  Server,  IIS,  Oracle, 
MS  Access  etc  under  Windows, 
Sun  Solaris  OS;  perform 
automation  of  functional/regres¬ 
sion  testing  with  WinRunner, 
eTester  and  Astra  Quick  Test; 
provide  on  site  maintenance 
support  such  as  debugging, 
modifications,  fine  tuning  & 
code  optimization.  Require: 
BS  or  foreign  equivalent  in  CS / 
Engg(any  branch)  with  2  yrs 
exp  in  IT.  High  salary,  F/T, 
Travel  involved.  Resume  to: 
HR,  Semafor  Technologies,  Inc, 
3300  Holcomb  Bridge  Road, 
Suite  212,  Norcross,  GA 
30092. 


SENIOR  (UNIX) 
SYSTEMS  ENGINEER 

A  global  consumer  packaged 
goods  company  based  in  the 
Greater  Boston  area,  engaged  in 
the  manufacture,  distribution  and 
marketing  of  a  range  of  personal 
care  products,  has  an  immediate 
need  for  a  highly  skilled  Senior 
(UNIX)  Systems  Engineer.  This 
senior-level  position  involves  the 
analysis  and  proposal  of  system 
hardware,  software,  and  system 
solutions  for  centralized  HP-UX, 
AIX  and  NT  enterprise-class  com¬ 
puting  platforms,  running  SAP 
applications  in  an  Oracle  environ¬ 
ment.  Minimum  educational  re¬ 
quirements  include  an  Associates 
degree  (or  equivalent)  in  Comput¬ 
er  Science,  Math,  MIS,  Electrical/ 
Electronic  Engineering,  or  similar¬ 
ly  relevant  field.  Minimum  experi¬ 
ence  required  is  at  least  seven  (7) 
years  specifying  HP-UX  hard¬ 
ware  /  software  system  solutions, 
at  least  two  (2)  years  of  which 
specifically  was  for  SAP  R/3  in  an 
Oracle  7.x  and  8.x  environment. 
Specific  requirements  include  the 
demonstrated  ability  to  implement 
complex  external  disk  subsystem 
integration  of  EMC  and  HDS  stor¬ 
age  systems  with  HP-UX  and  AIX 
operating  systems.  Also  required 
is  the  demonstrated  ability  to 
specify,  install  and  configure  HP 
9000  series  N4000  and  newer 
Enterprise  Servers.  Additionally 
required  is  the  demonstrated  abil¬ 
ity  to  install,  configure  and  test 
HP  MC/ServiceGuard  clustering 
and  EMC  SRDF  software.  Fur¬ 
ther  required  is  the  demonstrated 
ability  to  write  PERL  scripts  and 
convert  Shell  scripts  to  PERL.  Fi¬ 
nally  required  is  the  demonstrat¬ 
ed  ability  to  implement  enterprise 
backup  solutions  using  HP  Omni- 
Back  integration  with  SAP  br- 
tools.  Base  salary  is  $93,000  per 
year.  Benefits  include  ten  days 
paid  vacation,  contributory  med¬ 
ical,  dental,  disability,  life  insur¬ 
ance,  and  other  industry-compet¬ 
itive  benefits.  Qualified  appli¬ 
cants  respond  with  two  (2)  copies 
of  resume  only  to:  Case  #  2002- 
02333,  Labor  Exchange  Office, 
19  Staniford  Street,  1st  Floor, 
Boston,  MA  02114.  An  EOE/ 
MFHV. 


Principal  Software  Engineer 
responsible  for  project  manage¬ 
ment  of  new  systems  architec¬ 
ture  projects.  Will  oversee  &  par¬ 
ticipate  in  design,  development, 
testing  &  implementation  of  new 
software;  perform  client/serv¬ 
er  application  design  & 
development;  review  technical 
requirement  specifications  for 
software  code  development; 
and  solve  technical  problems 
related  to  the  software  develop¬ 
ment  as  needed  Will  apply 
knowledge  of  C/C++,  HTML, 
Visual  Basic,  UNIX  &  various 
database  applications. 

Requires  Bachelor's  or  equiv  in 
CSc.,  Engineering,  Math  or 
Physics,  plus  5  yrs  experience  in 
Job  Offered  OR  5  years'  devel¬ 
oping  client/server  applications. 
Alternatively,  will  accept 
Master's  or  equiv  in  C.Sc.,  Eng, 
Math  or  Physics,  plus  3  yrs  in 
Job  Offered  OR  3  yrs  develop¬ 
ing  client/server  applications. 
Candidate  must  also  possess 
demonstrated  expertise  in 
design  &  development  of  COM, 
COM+,  business  objects  &  web- 
based  user  interfaces;  dem 
expertise  in  design  &  develop¬ 
ment  of  multi-threaded  user 
interface  interactive  systems; 
and  dem  expertise  in  design  & 
development  of  remote  access 
interactive  tool  w/in  a  multi-hard- 
ware/software/network  infra¬ 
structure.  Sal:  $90,500/yr  M-F, 
9AM-5PM.  Send  2  resumes  to 
Case  #  2002-01701,  Labor 
Exchange  Office,  19  Staniford 
St.,  1"  fl„  Boston,  MA  02114 
EOE.  Applicants  must  be  US 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S. 


Manager,  Software  Develop¬ 
ment.  Manage  the  development 
of  software  to  combine  physio¬ 
logical  and  operational  require¬ 
ments  in  real  world  operations. 
Design  customized  scheduling 
software  for  North  American  rail¬ 
road  operations.  Supervise 
members  of  the  software  devel¬ 
opment  team  and  contract 
employees.  Draft  marketing 
products  for  company's  software 
products.  Manage  creation  of 
user  manuals  and  training  mate¬ 
rial  for  software  products. 
Provide  training  to  clients  on 
software  products.  Oversee 
strategy  for  system  develop¬ 
ment.  Sales  presentations  for 
software  products  to  industry 
clients.  Supervise  and  manage 
software  engineers  and  other 
professionals  engaged  in  the  fol¬ 
lowing  job  duties:  Digital  Signal 
Processing  of  physiological  data 
(e.g.:  EEG,  EOG,  ECG,  video 
data);  Feature  extraction  (under¬ 
standing  of  the  physiological 
underlying  processes  and  the 
mathematical  implications); 
Design  and  training  of  Artificial 
Neural  Networks;  Application  of 
Pattern  Recognition  algorithms 
for  classification  of  physiological 
data;  Application  of  pattern 
recognition  methods  for  predict¬ 
ing  microsleeps;  Development 
of  software  for  modeling  physio¬ 
logical  processes  (alertness 
model);  Integration  and  modify¬ 
ing  hardware  for  detecting  driver 
fatigue;  Testing  hardware  for 
detecting  driver  fatigue; 
Designing  and  programming  of 
software  to  analyze  data  from 
tested  driver  fatigue  detection 
hardware;  Realization  of  pro¬ 
gramming  tasks  in  MATLAB,  C, 
Delphi,  Assembler  and  Visual 
Basic.  Requirements:  Master's 
degree  or  equivalent  in 
Computer  Science,  Engineering 
or  related  field  plus  2  years 
experience  in  job  offered  or  2 
years  experience  as  a  Software 
Engineer  in  the  field  of  Artificial 
Neural  Network.  Must  have  at 
least  2  years  concurrent  experi¬ 
ence  with  the  design,  training, 
and  application  of  Artificial 
Neural  Networks  in  industrial 
context,  as  well  as  MATLAB,  C, 
Visual  Basic,  Assembler  and 
Delphi.  Salary:  $99,500/yr.  for  5 
day,  40  hour  work  week,  9:00 
a.m.-5:00  p.m.  Submit  two  (2) 
copies  of  resume  to  Case 
#200201962,  Labor  Exchange 
Office,  19  Staniford  St.,  1st 
Floor,  Boston,  MA  02114. 


Senior  Software  Engineer: 
Specify,  design,  develop  and 
support  various  aspects  of  the 
products.  Work  within  teams  to 
define  the  next  generation  archi¬ 
tecture  of  the  company's  prod¬ 
ucts  that  include  agents,  net¬ 
working,  management  tools  and 
policy  server.  Work  closely  with 
members  of  the  Product 
Management,  Quality  Assur¬ 
ance,  Release  Engineering, 
Documentation  and  Customer 
Support  teams  to  ensure  proper 
product  development  and  sup¬ 
port.  Follow  rigorous  software 
engineering  standards  including 
development  of  product  require¬ 
ments,  functional  and  design 
specifications  and  adhere  to 
coding  standards.  Work  with 
partners  and  industry  groups  to 
create  and  promote  standards  in 
security  and  e-commerce. 
Requirements  include  a 
Bachelor's  degree  or  equivalent 
in  Computer  Science  or  related 
field  and  five  years  of  experi¬ 
ence  in  job  offered  or  related 
field  of  software  engineering. 
Applicants  must  have  unrestrict¬ 
ed  authorization  to  work  in  the 
United  States.  Salary  $87,000/ 
year.  40  hours/wk.  Respond 
with  two  copies  of  resume  to 
Case  #200202112,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  FI.,  Boston,  MA  02114. 


HCL  TECHNOLOGIES  AMERICA,  INC. 

HCL  Technologies  America,  Inc.  and  its  affiliate  companies,  like 
HCL  Technologies  (Illinois)  Inc.,  and  HCL  Technologies  (Mass.) 
Inc.,  have  multiple  openings  at  its  offices  in  Sunnyvale,  CA; 
Stamford  CT;  Plano  TX;  Florham  NJ,  Irvine  CA,  Vienna,  VA, 
Boston,  MA,  Chicago,  IL,  Detroit,  Ml  as  well  as  project  sites 
throughout  the  United  States  for  the  following  positions: 

Software  Engineers 
Programmer  Analysts 
Systems  Analysts 
Database  Administrators 
Hardware  Engineers 
Budget  Analysts 

Systems/Network  Administrators 
Project  Managers 

Account  Managers/Sales  Managers/Business  Managers 

Sales  Engineers 

Industrial  Engineers 

Market  Research  Analysts 

Management  Analysts 

Human  Resource  Representative 

Accountants 

Salary  will  be  commensurate  with  education  and  experience. 

All  positions  may  involve  travel  or  relocating  to  various  client 
sites  through  out  the  US. 

For  consideration  please  send  your  resume  to: 

HCL  America  Technologies,  Inc. 

Attn.:  HR  Dept.  (Computerworld  Ad.) 

330  Potrero  Avenue 
Sunnyvale,  CA  94085 
Email:  cwjobs@hcltech.com 

Please  indicate  the  location  and  the  position  you  are 
applying  for. 

www.hcltechnologies.com 


SAP  Information  Technology 
Consultant  -  Initiate,  plan  &  eval¬ 
uate  ways  to  improve  global 
supply  chain,  scheduling  &  de¬ 
mand  planning  operations  using 
SAP  platform  (R/3,  APO,  ABAP, 
BAPI).  Perform  cost-benefit  an¬ 
alysis  for  different  deployment 
strategies.  Design  integration 
model  w/focus  on  Schedule-X 
interface  w/  SAP  R/3  Enterprise 
Resource  Planning  &  APO.  De¬ 
velop  Business  Scenario  flow 
documents  &  implementation 
analysis  report.  Validate  global 
Demand  Planning  design  in  line 
w/US  requirements.  Design  & 
configure  Supply  Network  Plan¬ 
ning.  Must  be  willing  to  travel  to 
project  sites  throughout  US  & 
abroad  approx.  25-30%  of  time. 
Must  have  Bachelor’s  degree  or 
foreign  equiv.  in  Comp  Sci, 
Engineering,  Business  or  related 
field  +  3  yrs  exp  in  job  offered  or 
cross-modular  SAP  Program¬ 
mer/Analyst.  8:30am-5pm,  M-F. 
OT  as  needed.  $102,549/yr 
Reply  to  Job  Order  #WEB- 
337067,  Manager,  Beaver 
County  Team  PA  CareerLink, 
2103  Ninth  Ave.,  Beaver  Falls, 
PA  15010-3957. 


Quality  Assurance  Engineer  need¬ 
ed  to  initiate,  develop,  implement 
structured  SQA  testing  environ¬ 
ments,  processes,  manuals,  and 
automated  projects,  using  ad¬ 
vanced  knowledge  of  computer 
science  and  engineering.  Must 
have  Master’s  Degree  in  Engin¬ 
eering  or  Computer  Science  plus 
work  experience  with  the  following 
computer  languages:C,  C++. 
Java,  SQL,  PL/SQL  and  testing 
tools  WinRunner,  LoadRunner, 
Silk,  and  Rational  Robot.  Send 
resume  to:  Links  Technology 
Solutions,  Inc.,  444  East  State 
Parkway.  #  219,  Schaumburg.  IL 
60173. 


Senior  Oracle  Database 
Developers  /  Administrators 
(Pharmaceutical) 

A  global  biotechnology  company 
locally  based  in  the  Greater  Boston 
area,  is  engaged  in  the  research, 
development,  manufacture,  and 
marketing  of  prescription  drugs, 
has  an  immediate  need  for  two 
experienced,  highly-skilled  Senior 
Oracle  Database  Developers  /  Ad¬ 
ministrators  (Pharmaceutical).  The 
responsibilities  of  these  senior  level 
positions  involve  the  design,  setup 
and  maintenance  of  clinical  trial 
databases  in  Oracle,  in  accordance 
with  FDA  regulatory  standards.  Pa¬ 
rallel  responsibilities  include  com¬ 
puter  system  validation  and  data¬ 
base  administration  tasks.  Mini¬ 
mum  education  required  is  a  Bach- 
elor’s-level  degree  in  MIS,  CS, 
Math,  Business,  or  a  field  of  engi¬ 
neering.  Minimum  experience  re¬ 
quired  is  at  least  five  (5)  years  in¬ 
volving  Oracle  database  program¬ 
ming  and  administration,  at  least 
two  (2)  years  of  which  specifically 
were  in  the  pharmaceutical  /  bio¬ 
technology  industry  using  PL/SQL, 
Oracle  Forms  and  Reports,  Speci¬ 
fically  required  is  the  demonstrated 
ability  to  design,  set-up,  implement 
and  maintain  clinical  trial  databases 
within  the  federally-mandated 
guidelines  set  forth  in  FDA's  "Good 
Clinical  Practices"  ("GCP^s),  and 
FDA's  21CFR11  re  electronic  sig¬ 
natures.  Also  required  is  the  dem¬ 
onstrated  ability  to  annotate  a  Case 
Report  Form  and  program  edit 
checks  as  indicated  in  a  data  vali¬ 
dation  plan.  Additionally  required  is 
the  demonstrated  ability  to  perform 
validation  of  commercial  off-the- 
shelf  software  and  internally  devel¬ 
oped  applications  and  tools,  adher¬ 
ing  to  FDA  regulatory  standards  on 
computerized  systems.  Finally  re¬ 
quired  is  the  demonstrated  ability 
administering  databases,  creating 
users  and  roles,  and  performance 
tuning  Base  salary  is  $  80,000. 
Benefits  include  fifteen  (15)  days 
paid  vacation,  medical,  dental,  dis¬ 
ability,  life  insurances,  and  other 
industry-competitive  benefits  Qua¬ 
lified  applicants  respond  with  two 
(2)  copies  of  resume  only  to:  Case 
#  200201818,  Labor  Exchange 
Office.  19  Staniford  Street,  1st 
Floor.  Boston,  MA  02114.  An 
EOE/MFHV. 
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ADVENT  GLOBAL 
SOLUTIONS,  INC. 

Advent  Global  Solutions  one  of  the 
fastest  growing  IT  service  compa¬ 
nies  has  the  following  positions 
open  in  two  locations: 

SOFTWARE  ENGINEERS:  to  re¬ 
search,  design,  develop  computer 
software  systems  and  lead  new 
product  development  projects  to 
timely  completion.  Ability  to  evalu¬ 
ate  and  design  SAP  software  is 
required.  Needs  a  Masters  in  CS / 
MIS  or  any  related  degree  com¬ 
bined  with  1  +  years  experience  or 
Bachelors  with  5  years  experience 
in  designing  and  developing  com¬ 
puter  software  systems. 

SYSTEMS  ANALYSTS:  to  analyze, 
design  and  develop  operational 
procedures  to  automate  processing 
and  to  develop  new  systems  to 
improve  production.  Knowledge  of 
SAP,  Oracle,  and  other  business 
related  software  is  essential. 
Needs  Bachelors  in  Engineering/ 
CS  or  in  any  related  field  combined 
with  5  years  relevant  experience  in 
designing  and  developing  comput¬ 
er  software  systems. 

Please  send  resumes  to  the 
respective  addresses: 

3419  N.  Kennicott  Avenue,  Suite  C, 
Arlington  Heights,  IL  60004. 

12777  Jones  Road,  Suite  #  445, 
Houston,  Texas  77070. 


MIS  Administrator  -  Install,  moni¬ 
tor  &  maintain  network  system  soft¬ 
ware  incl.  operating  system,  data 
base  &  data  comm,  control  &  other 
utility  prog;  prov.  tech,  assist  to 
users  in  operation  &  maint.  of  PCs; 
prov.  analysis  &  recommendations 
for  network/systems/infrastructure 
improv.;  formulate  &  track  budget 
expenses  to  ensure  complience 
w/depart.  constraints;  coord.  Syst. 
Integration,  repair  &  installations 
w/intemal  resources  &  outside  ven¬ 
dors;  performs  Network  LAN  mngt, 
troubleshoot,  &  setup  network 
equip,  (hubs,  routers,  brides  & 
switches);  write  prog.  docs.  &  users 
procedures  &  instructions;  docs.  & 
manages  LAN/WAN  architecture  & 
network  policies  &  comm,  network; 
mngt  TCP/IP,  Internet  access;  prov. 
expertise  in  develop,  security  &  fire¬ 
wall  protection  for  the  comp,  net¬ 
work;  configure,  install,  debug, 
troubleshoot  &  maintain  perfor¬ 
mance  of  eng.  computer  syst  incl. 
both  hardware/software  applica¬ 
tions;  maintain  hardware/software 
invent.;  maintain,  manage  &  ex¬ 
pand  company's  phone  syst.  incl. 
Pbx,  switch  mangt  console  &  voice- 
mail;  works  w/&  install  Autocad 
softw.  BS  in  Electrical,  Electronic  or 
Systems  Eng.  &  1  yr  exp  in  job 
offered.  40  hrs  per  wk  M-F  9AM- 
6PM.  Fax  resume  to  RJ  Behar  & 
Company,  Inc.  Attn:  Rober  Behar. 
(954)  680-7781 . 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML.UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 

Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Silicon  Laboratories  Inc.  is  hir¬ 
ing  for  the  following  positions: 

Systems  Design  Engr  (Senior 
Level):  Research,  design  & 
develop  system  level  algorithms 
for  data  conversion  &  communi¬ 
cation  eqpt  mixed  signal  1C 
applications;  apply  computer  & 
electrical  eng'g  analysis  to  set 
operational  specs  &  then  formu¬ 
late  &  analyze  algorithms  req'ts. 
Min  req't:  Ph.D.  degree  in  Elec¬ 
trical  &  Computer  Eng'g.  Job 
site:  Austin,  TX  or  Broomfield, 
CO. 

Product  Marketing  Engr:  Re¬ 
sponsible  for  product  strategy, 
definition,  pricing  &  promotion 
on  a  family  of  mixed  signal  ICs 
for  wireless  products;  provide 
customer  support  &  interact  with 
other  companies'  design,  manu¬ 
facturing  and  finance  groups. 
Min  req't:  BSEE  or  BSCE  plus  2 
yrs.  exp. 

Jobsite:  Austin,  TX.  Please  send 
ad  &  resume  to  HR  Dept,  Silicon 
Laboratories  Inc.,  4635  Boston 
Lane,  Austin,  TX  78735. 


Programmer  Analyst  (multiple 
openings)  -  Design,  develop,  test 
and  implement  computer  applica¬ 
tions  using  one  (1)  or  more  of  the 
following:  RPG/400,  AS/400,  ILE / 
RPG,  CL/400,  SQL/400,  Visual 
Basic  and/or  C++.  Req’s.  Bach's  in 
CS,  Systems  Analysis,  CIS,  MIS, 
Computer  Engg.,  Computer  Sci 
and  Engg.,  Electrical  Engg.,  Elec¬ 
tronic  Engg.  or  Math  or  its  equiv.  in 
edu.  and  exp.  plus  2  yrs  exp.  in  job 
offered  or  2  yrs  exp.  in  a  related 
occup.  as  a  Programmer,  Pro¬ 
grammer  Analyst,  Systems  Ana¬ 
lyst,  Senior  Systems  Analyst,  Soft¬ 
ware  Engineer  or  Consultant.  Will 
accept  3  yrs  of  college  edu.  plus  3 
yrs  exp.  in  job  offered  or  in  a  relat¬ 
ed  occup.  in  lieu  of  the  req'd  edu. 
and  exp.  Will  also  accept  any 
equally  suitable  combination  of 
edu.,  training  and/or  exp.  which 
would  qualify  an  applicant  to  per¬ 
form  the  duties  of  job  offered. 
$83,387.20/yr„  40  hrs/wk.,  8a-5p, 
M-F.  Submit  resume  to  MDCD/ 
ESA,  P.O.  Box  11170,  Detroit,  Ml 
48211-1170.  Ref.  No.  210492. 
Employer  Paid  Ad. 


VICE  PRESIDENT  OF  IT 
OPERATIONS  -  Los  Angeles. 
Direct  management  &  strategic 
development  of  IT  operations  of 
worldwide  publisher  of  interac¬ 
tive  entertainment  &  productivity 
software.  Bachelor’s  in  comput¬ 
er  sci.,  Computer  studies  infor¬ 
mation  systems  or  engineering  + 
6  yrs  experience  in  job  offered  or 
6  yrs  experience  managing  IT 
operations,  including  managerial 
responsibility  for  design  & 
administration  of  enterprise¬ 
wide  info  systems.  Must  have 
knowledge  of  network  infrastruc¬ 
ture,  directory  services  &  digital 
asset  mgt  systems.  Must  be  flu¬ 
ent  in  spoken  &  written  French, 
including  IT  terminology.  Send 
resume  &  letter  to  HR  VPIT, 
Vivendi  Universal  Games,  Inc., 
6080  Center  Dr.,  Los  Angeles, 
CA  90045. 


Senior  Analyst  (Oracle  Applications 
and  Databases)  needed  in  the 
analysis,  architecture,  administra¬ 
tion,  maintenance,  design,  and 
implementation  of  Oracle  Applica¬ 
tions  and  Databases,  using  ad¬ 
vanced  knowledge  of  computer  sci¬ 
ence  and  engineering  as  well  as 
particular  computer  utilities.  Bach¬ 
elor’s  Degree  in  Computer  Science 
or  Computer  Science  Engineering 
required  plus  prior  work  experience 
with  Oracle  Applications  and  Data¬ 
bases.  Positions  in  California  and 
Illinois  available.  Send  resume  to 
Mr.  Brian  Burke,  Links  Technology 
Solutions,  Inc.,  444  East  State 
Parkway,  Suite  219,  Schaumburg, 
IL  60173. 


Software  Engineer 

(Requires  Masters  degree  and 
two  years  experience.)  -  Job 
entails  and  requires  experience 
in  design,  development  and 
implementation  of  enterprise 
level  applications  using  C, 
VC++,  .NET  and  Oracle;  design 
and  development  ex-perience 
must  include  Unix,  NT  and  IRIX 
platforms.  Attractive  compensa¬ 
tion  package.  Send  resumes  to 
Calvin  Whittington,  The  Library 
Corporation,  Research  Park, 
Inwood,  WV  25428. 


Systems  Admin’s,  to  install, 
maintain,  support/administer 
operating  systems  like  Unix, 
Linux,  AIX,  Solaris,  Web 
Servers  like  Apache,  IIS  and 
application  servers  like 
Weblogic,  Websphere;  respon¬ 
sible  for  system  security,  UNIX 
Kernel  and  Oracle  database 
tuning&network  performance 
tuning;  configure  storage 
devices  using  Veritas  Volume 
Manager.  Require:  BS  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
&  2  yrs  of  exp.  in  IT.  Travel 
required.  High  Salary.  F/T. 
Resume  to:  HR,  Fourth 
Technologies,  Inc.,  585  Tollgate 
Road  Suite  I,  Elgin,  IL  60123. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville,  TN:  Senior  Program¬ 
mer  Analyst.  Formulate/define  fun¬ 
ctional  requirements  and  documen¬ 
tation  based  on  accepted  user  cri¬ 
teria.  Requirements:  Bachelor's 
degree*  in  computer  science,  MIS, 
engineering  or  related  field  plus  5 
years  of  experience  in  systems/ 
applications  development.  Experi¬ 
ence  with  Oracle  and  UNIX  Script¬ 
ing  also  required.  ‘Master's  degree 
in  appropriate  field  will  offset  2 
years  of  general  experience.  Sub¬ 
mit  resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


Edify  Technologies,  Inc.  needs 
Programmer  Analysts:  Bach¬ 
elor's  degree  in  Computer  or 
related  field  with  2  years  expe¬ 
rience  in  C#,  Unix  Internals, 
Ant,  C/C++,  Bugzilla,  Web- 
Logic,  Tornado,  ClearCase/ 
Quest/Make,  VxWorks,  Web- 
services.  We  accept  foreign 
education  degree  or  the  de¬ 
gree  equivalent  in  education 
and  experience.  Send  your 
resume  with  covering  letter  to: 
Edify  Tech.  Inc.  1318  E 
Algonquin  Road,  2H,  Schaum¬ 
burg,  IL  60173.  E-mail: 
resumes@edifytech.com. 


Systems  Analyst  -  Oracle 

3-5  years  experience  supporting 
payroll  and  HR  systems.  Signifi¬ 
cant  experience  with  Oracle  da¬ 
tabases  and  applications.  Know¬ 
ledge  of  database  management 
systems.  Project  management 
experience.  Strong  Unix  skills 
along  with  query  languages 
such  as  PL/SQL  and  SQL. 
Knowledge  and  understanding 
of  3rd  party  report  writers  includ¬ 
ing  Noetix  and  Crystal  Reports. 
Please  send  resume  to:  Embry- 
Riddle  Aeronautical  University, 
HR  Dept.,  600  S.  Clyde  Morris 
Blvd.,  Daytona  Beach,  FL 
32114. 


SOFTWARE  ENG  De¬ 
sign  &  implement  com¬ 
plex  operating  software 
applications.  B.S.  Comp 
Science  or  equiv.  &  2 
years  programming 
experience,  must  be 
proficient  in  PeopleSoft 
&  related  programs. 
Apply  to:  Harland  Co., 
Attn:  Caryl  James, 
2939  Miller  Road 
Atlanta,  Ga  30035. 


SOFTWARE  ENGINEER: 
Experience  in  full  product 
life  cycle  &  banking  secu¬ 
rities  applications.  Famil¬ 
iarity  with  VB3,  PL/SQL, 
UNIX,  ASP,  Oracle, 
Foxpro2.5.  Mail  resume 
to:  Corporate  Software 
Solutions,  Inc.,  4251 
Route  9  North  Bldg.  A  #C, 
Freehold,  NJ  07728. 


Prog/Analysts  to  analyze,  devel¬ 
op,  maintain  software  appls 
using  Oracle  Applications, 
Oracle,  PL/SQL,  Dev  2000,  etc 
under  Windows/UNIX  OS;  con¬ 
duct  functional  testing/debug¬ 
ging;  perform  data  conversions, 
customize  Forms/Reports  using 
Oracle  Applications  standards; 
document,  maintain  &  update 
development  process.  Require: 
BS  or  foreign  equiv.  in  CS/Engg. 
(any  branch)  or  related  field  & 
2yrs  of  exp.  in  IT.  Travelinvolved. 
F/T  position.  Comp.  Salary. 
Respond  to:  HR,  Bahwan 
Cybertek  Technologies,  Inc., 
209  West  Centra!  Street,  Ste 
312,  Natick,  MA  01760. 


Technical  Support  Manager 
for  distributor  and  value 
added  reseller  of  internet¬ 
working  solutions  located  in 
Miami,  Florida.  Bachelor 
Degree  in  Electronics  or 
System  Engineering  or  for¬ 
eign  equivalent  and  2  yrs. 
exp.  in  job  offered  or 
telecommunications  related 
area.  Send  resume  to 
CLAdirect,  Inc.;  attn:  HR 
Dept.,  8600  N.W.  17th 
Street,  Suite  140,  Miami,  FL 
33126. 


Software  Engineers  needed  at 
client  sites  to  dsgn,  dvlp,  inte¬ 
grate  &  support  computing  & 
switching  systems  for  computer- 
telephony,  telecom,  n/working  & 
related  fields  using  Dialogic 
DNA  voice  boards,  CT-Connect, 
CTI-IVR,  ACD,  PLC- 
Programming  (Ladder  Logic)  & 
SCADA  systems,  PLC-PC 
n/work,  Voice-Over-Packet  solu¬ 
tions,  Tl-54x  series  of  DSPs, 
RM7000  series  of  processors, 
PMC-Sierra  Framer  &  FXS  card. 
Send  resume  to:  Hireme,  Global 
Consultants.  25  Airport  Rd, 
Morristown,  NJ  07960. 
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Witness  Systems,  Inc.  seeks  to 
qualified  applicants  for  the  fol¬ 
lowing  positions: 

■  Software  Support  Engineer: 
Must  have  Master's  degree 
or  equivalent  in  Electronics 
Engineering  or  related  field. 
Must  have  2  years  of  experi¬ 
ence  in  the  position  offered 
or  2  years  in  Programming 
Engineering. 

•  Senior  Java  Developer:  Must 
have  Master's  degree  or 
equivalent  in  Computer 
Science  or  related  field.  Must 
have  2  years  of  experience 
in  the  position  offered  or  2 
years  in  Software  Engin¬ 
eering. 

For  all  positions  salary  commen¬ 
surate  with  experience.  Must 
have  legal  authority  to  work  in 
the  U.S.  Send  resume  and  cover 
letter  to  Sheri  Mattison, 
Employment  Manager,  Witness 
Systems,  Inc.  300  Colonial 
Center  Parkway,  Roswell,  GA 
30076. 


Volition,  Inc.  (a  wholly-owned 
subsidiary  of  THQ,  Inc.)  has 
an  opening  for  a  Game 
Programmer  in  Champaign, 
IL.  MS  in  CS/CE  +  6-12  mos. 
as  junior  game  program¬ 
mer/video  game  design.  De¬ 
velopment  of  a  cross  plat¬ 
form  game  engine;  physics 
modeling  and  artificial  intelli¬ 
gence  programming;  transla¬ 
tion  of  visual  style  into  code; 
3D  graphics  programming  for 
the  game  engine.  Fax 
resume  to  Mike  Kulas  @ 
818-871-7590. 


A  developer  of  FEA  software 
systems,  seeks  qualified  profes¬ 
sionals  to  fill  the  following  posi¬ 
tions  in  our  Los  Angeles  office: 
Project  Engineers  to  define  new 
product  specifications  &  local¬ 
ization  features  of  FEA  software. 
Technical  Support  and  Quality 
Assurance  Engineers  to  provide 
FEA  software  support  and  test¬ 
ing.  Technical/Training  Engin¬ 
eers  to  provide  training  and  field 
application  engineering  support 
for  FEA  software,  25-30%  travel 
required.  Interested  applicants 
should  send  resume  to: 
Department  LAF#1,  SolidWorks 
Corporation,  300  Baker  Avenue, 
Concord,  MA  01742.  EOE. 


is  the  place  where 
your  fellow  readers 
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Applications  Development  Analyst 
(Boston,  MA)  -  Provide  technology 
relationship  mgmt  in  support  of 
specific  line-of-business  initia¬ 
tives;  lead  key  project  resources 
on  Portal  development  using  de¬ 
velopment  methodology  &  CMM; 
mentor  technical  team  leads  in 
Internet,  Intranet  related  projects, 
&  medium-to-large  sys  projects; 
design,  develop  &  maintain  busi¬ 
ness  processes;  provide  consulta¬ 
tion  In  software  engineering  pro¬ 
cesses,  procedures  &  methodolo¬ 
gies;  contribute  to  development  of 
tech  strategies/business  sys  an¬ 
alysis  &  design;  visualize,  concep¬ 
tualize  &  define  business  solu¬ 
tions;  translate  solutions  into  tech¬ 
nical  terms  via  sys  analysis,  archi¬ 
tecture  design,  solution  architec¬ 
ture  &  sys  specs;  perform  com¬ 
plex  research  &  analysis  to  identi¬ 
fy  &  resolve  cross-divisional  pro¬ 
ject  issues;  review,  analyze  & 
evaluate  business  sys  &  user 
req's;  formulate  sys  to  parallel 
business  strategies;  determine 
user  needs,  program  functions  & 
req's  to  develop/modify  computer 
programs;  collaborate  w /  technical 
team  in  data  &  object  design; 
develop  business  value  technolo¬ 
gy  &  infrastructure  enhancement 
projects;  expand  technical  devel¬ 
opment  methodology  to  include 
web  architecture  standards; 
assess  needs  of  business  part¬ 
ners,  identify  opportunities,  ana¬ 
lyze  issues,  recommend  courses 
of  action  &  assist  in  implementing 
solutions.  Min.  req's:  Master's  in 
MIS  or  rel.  field  +  2  yrs  exp  in  posi¬ 
tion  offered  or  2  yrs  in  business 
sys  development.  Must  have 
knowledge  of:  XML  &  Oracle;  sys 
analysis  and  design  tools  incl: 
CMM,  object  oriented  analysis 
and  design,  and  UML;  financial 
analysis,  incl  ROI  calculation; 
enterprise  systems;  database 
technologies;  &  business  produc¬ 
tivity  tools.  Must  have  unrestrict¬ 
ed  authorization  to  work  in  U.S. 
M-F,  8:30  AM  -  5:30  PM,  40 
hrs/wk.  Salary  range:  $95,000- 
$105,000/yr.  An  EOE.  Send  2 
copies  of  resume  to  Case  No. 
200202551,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FI., 
Boston,  MA  02114. 


Web  Developer 

Conseco  has  positions  for  pro¬ 
grammers  to  research,  design, 
and  develop  internet  website 
using  vignette  software  as  web¬ 
site  platform,  including  .ASP 
development  and  modular/ 
adapter  development  with  V5/6 
platform,  BIS  method  develop¬ 
ment  including  advanced  data 
manipulation  and  logic  develop¬ 
ment  and  XML  coding  with  XLS 
parsing  for  FITML  presentation 
layer,  complex  relational  data¬ 
base  design/technology,  SQL / 
stored  procedure  management, 
UNIX-based  environments,  inte¬ 
gration  of  third-party  product  into 
vignette  environment  using 
.ASP  within  the  vignette  plat¬ 
form,  XML,  XSL,  HTML,  PERL, 
CGI,  jsp/Java  (J2EE  compliant) 
in  Microsoft  operating  systems. 
Duties  include  consulting  with 
other  computer  professionals  to 
evaluate  interface  between 
hardware  and  software  and 
operational  performance  req¬ 
uirements  of  system;  developing 
and  directing  software  systems 
testing  procedures,  program¬ 
ming,  and  documentation;  and 
consulting  with  system  users 
concerning  maintenance  of  sys¬ 
tem  software  and  coordination 
of  installation  of  software  sys¬ 
tem.  Candidates  must  have  a 
bachelor's  degree  in  computer 
science  or  related  field.  Please 
send  resume  to:  Bernard  Hodes 
Group  Reply  Service.  #80608, 
8440  Woodfield  Crossing  Blvd., 
Suite  290,  Indianapolis,  IN 
46240.  No  phone  calls,  please. 
An  equal  opportunity  employer. 


At  Chemical 
Abstracts  Service, 
you  will  find 
state-of-the-art 
technology  and 
talented 
professionals 
providing  the 
world’s  largest 
databases  of 
chemical 
information  to 
scientists  around 
the  world.  Our 
software,  online 
services,  and  web 
products  are 
recognized  as 
technologically 
innovative.  IT  is  a 
mainstay  at  CAS, 
not  a  minor 
consideration.  On 
our  attractive 
campus,  you  will 
team  with 
top-notch  peers  in 
a  business  casual 
environment. 

CAS  utilizes  the 
latest  client/ 
server,  Object 
Oriented, 

Internet,  Oracle, 
Sybase  and 
imaging 
technologies. 


We  are  looking  for  a  team-oriented  IT  professional  for  the 
following  position: 


MANAGER,  INFORMATION 
SYSTEM  SERVICES 


The  selected  candidate  will  oversee  all  computing  operations 
and  technical/infrastructure  support.  You'll  also  create/implement 
growth  strategies  for  our  IS  Department,  which  is  responsible 
for  network  and  data  telecommunications,  database  and  storage 
management,  data  center  and  computer  operations,  server 
hardware  maintenance,  help  desk,  PC  support,  web  infrastructure, 
and  hardware/software  budgets.  We  require  10  to  12  years'  IT 
experience,  with  3  years  in  a  managerial  role.  A  degree  or 
equivalent  work  experience  is  also  essential,  as  is  expertise  in 
UNIX,  Windows,  MVS,  and  "best  practices."  A  chemistry 
background  is  desired. 


In  addition  to  working  with  mission-critical  applications,  some 
leading-edge  technologies,  and  an  outstanding  technical  team, 
CAS  offers  competitive  compensation  and  an  excellent  benefits 
package,  including  flexible  hours,  company-paid  retirement/ 
disability  plans  and  employee  savings  plans. 


Email  your  resume  including  salary  requirements  to; 

jobs@cas.org 


Chemical  Abstracts  Service,  Human  Resources 
Department/JD,  2540  Olentangy  River  Road,  Columbus, 
OH  43202- 1 505.  Fax  6 1 4-447-38 1 6.  For  more  information 
about  CAS,  refer  to  our  web  page  at  www.cas.org.  Equal 
Opportunity  Employer. 


SOFTWARE  ENGINEER:  Soft¬ 
ware  engineer  to  design,  devel¬ 
op  and  test  computer  programs 
for  business  applications;  ana¬ 
lyze  software  requirements  to 
determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
Progress  4GL,  MFG/PRO, 
Cognos,  XML  and  CIM.  Req¬ 
uirements:  Bachelors  Degree  or 
equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engi¬ 
neer  or  computer  programmer, 
knowledge  of  Progress  4GL, 
MFG/PRO,  Cognos,  XML  and 
CIM.  Salary:  $90, 000/year. 
Working  Conditions:  8:00  A.M. 
to  5:00  P.M.,  40  hours/week, 
involves  extensive  travel  and 
frequent  relocation.  Apply: 
Manager,  Armstrong  County 
Team  PA  CareerLink,  1270 
North  Water  Street,  PO  Box  759, 
Kittanning,  PA  16201,  Job  No. 
WEB337358. 


SOFTWARE  ENGINEER: 
Multiple  openings  for  software 
engineers  to  design,  develop 
and  test  computer  programs  for 
business  applications;  analyze 
software  requirements  to  deter¬ 
mine  feasibility  of  design;  direct 
software  system  testing  proce¬ 
dures  using  expertise  in  Visual 
Studio. Net,  ASP.Net,  XML, 
Oracle  and  C#.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
Visual  Studio.Net,  ASP.Net, 
XML,  Oracle  and  C#.  Salary: 
$66,000/year.  Working  Cond¬ 
itions:  8:00  A.M.  to  5:00  P.M.,  40 
hours/week,  involves  extensive 
travel  and  frequent  relocation. 
Apply:  Job  Center/CareerLink 
Supervisor,  Indiana  County 
CareerLink,  300  Indian  Springs 
Road,  Indiana,  PA  15701,  Job 
No.  WEB337367. 
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Req'd:  Computer  Software  De¬ 
veloper  (Delphi  Programmer): 
Develop  programs  and  applica¬ 
tions  for  microcomputers  and 
LAN  stations:  Design  database 
management  systems  and  envi¬ 
ronment  for  MSDOS  and  Win¬ 
dows  '95  operating  systems  uti¬ 
lizing  various  software  applica¬ 
tions  written  in  either  DATA- 
FLEX,  C  or  Delphi;  Engage  in 
client  server  applications  and 
SQL  Database  set  up  and  de¬ 
sign;  Prepare  functional  specifi¬ 
cations  and  design  software  pro¬ 
grams  and  modifications  for  sci¬ 
entific  engineering  and/or  busi¬ 
ness  applications;  Test  units  and 
computer  software  systems  and 
conduct  end  user  training  pro¬ 
grams.  Must  have  bachelor’s  de¬ 
gree  or  equivalent  in  Electronic 
Communications  and  three  (3) 
years  experience  in  the  position 
offered.  Equivalency  must  be 
based  upon  only  educational  cre¬ 
dentials  as  determined  by  an 
accredited  Credentials  Evaluat¬ 
or.  40hrs/wk  @  62,718.24  per 
year.  Must  have  proof  of  legal 
authority  to  work  in  the  U.S. 
Send  resume  to:  PO  Box  11170 
Detroit.  Michigan  48202.  Refer¬ 
ence  NO.:  211078.  EMPLOYER 
PAID  AD. 
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Privacy  Law 

and  database  security. 

The  new  law,  SB  1386,  re¬ 
quires  companies  to  inform 
customers  when  their  names 
—  in  combination  with  either 
their  Social  Security  numbers, 
driver’s  license  numbers  or 
credit/debit  card  numbers 
with  personal  identification 
numbers  —  have  been  ac¬ 
cessed  by  an  unauthorized 
person  [QuickLink  38357]. 

But  confusion  about  what 
some  observers  characterize 
as  a  poorly  written  piece  of 
legislation  has  given  way  to 
panic  during  the  past  two 
weeks,  officials  in  the  IT  secu¬ 
rity  and  legal  sectors  said. 

“Companies  are  literally 
shocked  by  this  law,  and  many 
big  companies  are  terrified,” 
said  Bob  Walters,  CEO  of 
Teros  Inc.  in  Santa  Clara, 

Calif. 

“Under  a  broad  reading  of 
1386,  even  virus  incidents  that 
corrupt  large  amounts  of  data 
must  be  reported,  even  if  there 
is  no  compromise  of  personal 
information,”  said  Michael  R. 
Overly,  a  partner  at  the  Los 
Angeles  office  of  law  firm  Fo¬ 
ley  &  Lardner.  “Very  large 
class-action  lawsuits  are  on 
the  horizon.” 

No  Mention  of  Standards 

Under  the  law,  the  theft  of 
data  that’s  encrypted  doesn’t 
have  to  be  reported.  But  be¬ 
cause  the  law  makes  no  men¬ 
tion  of  industry  security  stan¬ 
dards,  particularly  the  appro¬ 
priate  level  of  encryption 
needed  to  protect  customer 
data,  some  companies  may 
feel  forced  into  taking  drastic, 
costly  actions,  said  Overly. 

“What  some  companies  are 
thinking  of  doing  is  assigning 
a  random  number  to  a  cus¬ 
tomer  name  in  one  database 
and  linking  that  random  num¬ 
ber  to  the  personally  identifi¬ 
able  information  stored  in  a 
completely  separate  database,” 
he  said.  “This  would  require 


major  changes  to  large  compa¬ 
ny  databases.” 

Eric  Beasley,  senior  network 
administrator  at  Baker  Hill 
Corp.,  an  application  service 
provider  to  the  financial  in¬ 
dustry,  said  that  although  the 
burden  would  be  on  financial 
institutions  to  notify  cus¬ 
tomers  of  breaches,  the  new 
law  has  forced  his  company  to 
purchase  a  Web  application 
firewall  from  Teros  and  study 
database  encryption  options. 

But  performance  issues  are  a 
concern  with  encryption,  he 
said.  Consequently,  Carmel, 
Ind.-based  Baker  Hill  is  study¬ 
ing  a  possible  move  from  the 
32-  to  the  64-bit  version  of  Mi¬ 
crosoft  SQL  Server,  which 
promises  considerably  higher 
performance.  “That  holds  the 
promise  of  being  able  to  do  en¬ 
cryption  without  significantly 
reducing  the  performance  we 
have  today,”  Beasley  said. 

Network  performance  is  far 


Continued  from  page  1 

European  VAT 

tions,  the  company  set  up  a 
subsidiary  in  London.  That 
lets  it  charge  the  U.K.  VAT 
rate  of  17.5%  to  all  European 
customers  who  download 
products  from  its  clients. 

Ronning  said  the  centralized 
operation  includes  systems 
that  can  handle  all  European 
business,  including  databases 
that  correlate  the  locations  of 
customers  and  track  the  VATs 
in  different  jurisdictions  for 
comparative  purposes. 

By  July  1,  companies  based 
outside  the  EU  must  register 
with  European  tax  authorities 
to  levy,  collect  and  remit  the 
VAT  on  sales  of  various  digital 
goods  and  services. 

Under  a  directive  issued  by 
the  EU  in  May  2002,  compa¬ 
nies  that  don’t  have  a  physical 
presence  in  an  EU  member 
nation  must  assess  the  tax  at 
the  rates  charged  by  the  coun¬ 
tries  where  individual  cus¬ 
tomers  are  located. 


CHECKLIST 


Preparing  for 
SB  1386: 

■  Encrypt  all  customer  data. 
Stolen  data  that's  encrypted 
doesn’t  have  to  be  reported. 

■  Don’t  collect  any  customer 
data  you  don’t  need. 

■  Don’t  store/link  customer 
names  directly  to  Social  Security 
numbers,  driver's  license  numbers 
or  financial  access  codes. 

■  Invest  in  tools  that  do  custom¬ 
er  tracking  and  internal  employee 
monitoring/access  control. 

■  Investigate  wireless  security 
protections. 


from  the  only  issue  facing 
companies.  Don  Ulsch,  man¬ 
aging  director  and  CEO  of 
Janus  Risk  Management  Inc. 
in  Marlboro,  Mass.,  said  SB 
1386  cuts  across  virtually 
every  corporate  function,  in- 


AOL  International,  a  divi¬ 
sion  of  New  York-based  AOL 
Time  Warner  Inc.,  has  about 
6.3  million  dial-up  and  broad¬ 
band  customers  in  Europe  and 
in  response  to  the  VAT  has 
centralized  its  Internet  service 
provider  operations  for  the 
EU  in  Luxembourg,  said 
spokeswoman  Mia  Kulla. 

“If  we  hadn’t  done  this,  we 
would  have  had  to  comply 
with  15  different  tax  regimes, 
which  was  not  a  viable  busi¬ 
ness  option,”  Kulla  said.  She 
declined  to  comment  on  how 
much  it  has  cost  AOL  Interna¬ 
tional  to  set  up  the  operations 
in  Luxembourg  but  said  the 
VAT  won’t  result  in  higher 
prices  for  customers. 

On  the  other  hand,  Scott 
Pendergrast,  co-founder  of 
Fictionwise  Inc.  in  Chatham, 
N.J.,  said  it  wouldn’t  have  been 
economically  feasible  to  invest 
in  a  European  operation.  In¬ 
stead,  the  seller  of  e-books  is 
preparing  to  collect  the  tax  in 
different  countries,  although 
Pendergrast  said  it’s  doing  so 
reluctantly. 


eluding  IT  security,  physical 
security,  classification  man¬ 
agement,  process  linkage,  hu¬ 
man  resources  operations  and 
environmental  monitoring. 

According  to  Ulsch,  the  new 
law  will  put  an  even  higher 
premium  on  internal  monitor¬ 
ing,  access  control  and  per¬ 
sonnel  risk  management  be¬ 
cause  it  “will  make  it  easier  to 
conduct  internal  sabotage  op¬ 
erations  by  purposefully 
breaching  security  in  order  to 
financially  and  legally  jeopar¬ 
dize  the  company.” 

Customer-tracking  tools 
and  network  monitoring  soft¬ 
ware  capable  of  differentiating 
between  genuine  performance 
problems  and  security  inci¬ 
dents  that  affect  performance 
will  also  be  critical  in  helping 
companies  determine  when 
they  must  make  a  public  re¬ 
port,  said  Rajeev  Khanolkar, 
CEO  of  netForensics  Inc.  in 
Edison,  N.J.  “If  you  don’t  know 


“I  think  paying  it  is  ridicu¬ 
lous,  and  it’s  unfair  for  a  for¬ 
eign  government  to  make  me  a 
tax  collector,”  he  said.  “I  have 
enough  trouble  keeping  track 
of  the  the  U.S.  tax  code.” 

Pendergrast  said  he  plans  to 
assign  one  of  Fictionwise’s 
two  internal  developers  to 
write  code  to  automate  the 
VAT  assessment  and  remit¬ 
tance  process,  although  he  be¬ 
lieves  the  company  is  exempt 
from  the  tax  for  now  because 
its  annual  European  sales  total 
less  than  100,000  euros 
($114,283).  However,  an  EU 
spokesman  said  there  is  no 
such  exemption. 

Some  businesses  are  ques¬ 
tioning  whether  they  need  to 
collect  the  new  tax  on  the 
grounds  that  European  courts 
wouldn’t  have  jurisdiction 
over  them,  said  Jon  Abolins, 
vice  president  of  tax  and  gov¬ 
ernment  affairs  at  Taxware,  a 
Salem,  Mass.-based  division  of 
GovOne  Solutions  LP  that  de¬ 
velops  e-commerce  software. 

Taxware  has  been  hearing 
from  some  customers  that  are 


what  has  been  compromised, 
you  may  be  forced  to  disclose 
a  potential  compromise  of 
your  entire  database,”  he  said. 

The  new  law  may  also 
change  the  way  companies 
view  and  deploy  wireless  net¬ 
works,  said  Ulsch.  “With  so 
much  at  risk,  companies  will 
have  to  look  very  seriously  at 
wireless  and  the  security  im¬ 
plications,”  he  said. 

But  Overly  said  there  may 
be  a  bigger  problem  on  the 
not-too-distant  horizon.  “Look 
what  has  happened  with 
spam,”  he  said.  “We  now  have 
dozens  of  different  spam  laws. 
If  individual  states  start  doing 
what  California  is  doing,  com¬ 
panies  could  be  faced  with 
every  state  having  different  se¬ 
curity  requirements.”  I 


MORE  THIS  ISSUE 

Computerworlif  s  Robert  L.  Mitchell  dis¬ 
cusses  ways  companies  can  brace  for  the 
spate  of  new  data  privacy  laws.  Page  34 


“scrambling”  to  get  ready  for 
the  VAT,  but  others  are  asking 
if  they  can  just  ignore  it,  Abo¬ 
lins  said.  He  has  been  advising 
companies  not  to  do  so,  be¬ 
cause  there  is  speculation  that 
EU  countries  might  not  fight 
to  protect  the  intellectual 
property  rights  of  sellers  that 
fail  to  collect  the  VAT.  “I  don’t 
think  any  business  wants  to  be 
characterized  in  the  EU  as  a 
tax  cheat,”  he  added. 

Matthew  King,  a  trade 
spokesman  for  the  European 
Commission,  the  EU’s  execu¬ 
tive  arm,  said  it  will  be  up  to 
each  of  the  15  nations  to  de¬ 
cide  how  to  enforce  the  VAT 
directive.  According  to  King, 
the  EU  approved  the  VAT  plan 
after  content  providers  based 
in  Europe  complained  that 
they  were  at  a  competitive  dis¬ 
advantage  because  they  al¬ 
ready  have  to  collect  the  tax.  I 


LOCATION  CHALLENGES 

Companies  say  it  won’t  be  easy  to  confirm 
which  EU  country  a  customer  is  based  in: 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Sabotage  Solution 

Say  you’re  an  it  manager  with  a  project  that’s  doomed.  You 
know  it’s  doomed.  Everyone  on  the  project  team  knows  it’s 
doomed.  Maybe  it’s  underfunded,  or  the  technology  turned 
out  to  be  half-baked,  or  it’s  beyond  the  skills  of  your  team, 
or  it’s  just  hopelessly  off  the  tracks.  Maybe  you  argued 
against  it,  but  it  has  powerful  sponsorship  and  there’s  no  way  you 
can  talk  the  powers  that  be  into  shutting  it  down. 

Is  it  time  for  a  little  sabotage  to  put  it  out  of  your  misery? 

Of  course,  sabotage  is  wrong.  We  all  know  that.  But  which  is 
worse:  torpedoing  a  doomed  project,  or  flushing  time  and  budget 
and  morale  down  the  drain  in  a  futile  effort  to  make  it  work? 


Or  suppose  some  user’s  PC  fails  intermittent¬ 
ly.  It  doesn’t  happen  every  day,  but  every  time  it 
does,  the  user  loses  time  and  work  and  a  little 
more  sanity.  The  user’s  manager  is  demanding 
that  you  fix  the  PC,  but  there’s  no  problem  you 
can  identify  and  reproduce.  You  know  the  right 
solution  is  to  replace  the  PC,  but  as  long  as  it 
tests  out  OK  on  the  bench,  corporate  policy 
says  it  must  be  put  back  in  service. 

Do  you  make  sure  it  gets  a  little,  er,  help  to 
fail  on  the  bench,  so  that  poor  user  can  get  a 
reliable  PC  again? 

Now  try  this  one:  For  the  first  time,  your 
team  has  been  assigned  a  user  to  help  identify 
problems  with  an  important  application.  The 
user  doesn’t  understand  how  your  shop  does 
things,  doesn’t  have  the  clout  or  charisma  to 
overcome  outsider  status  and  has  slowed 
progress  to  a  crawl  with  all  his  questions  and 
objections.  And  you  know  that  if  this  project  is 
completed,  you’ll  have  users  on  lots  of  future 
projects  —  all  with  the  same  problems. 

Do  you  drive  the  project  —  and  the  user  — 
straight  into  the  ground,  just  to  avoid  all  that 
trouble? 

It’s  sad  but  true:  Sabotage  is  a 
slippery  slope.  At  heart,  it’s  about 
breaking  things  instead  of  making 
them  work,  destroying  instead  of 
building.  It’s  an  ugly  concept  that 
runs  counter  to  everything  you’re 
supposed  to  be  doing,  a  notion 
nasty  enough  that  in  most  IT  shops 
it’s  never  even  mentioned  out  loud. 

Trouble  is,  in  most  IT  shops  it’s 
also  a  reality.  In  fact,  it’s  a  necessity. 

Sabotage  shouldn’t  happen.  But 
then,  neither  should  ill-conceived 
projects  or  wrong-headed  policies. 


And  ugly  as  it  may  be,  sometimes  sabotage  is 
the  least  ugly  of  the  real  options  available. 

Ironic,  isn’t  it?  You  want  your  IT  people  to  do 
what’s  right  for  users  and  the  business  —  to 
keep  time  and  effort  and  budget  from  being 
wasted.  But  sometimes  they  can’t  do  that  with¬ 
out  a  little  sabotage.  And  you  can’t  encourage 
them  to  keep  doing  what’s  right  for  users  and 
the  business  unless  you  tolerate  that  sabotage. 

But  if  you’re  too  tolerant  of  it,  you’ll  end  up 
with  self-serving  sabotage  —  the  kind  that 
doesn’t  help  users  or  the  business  at  all,  but  is 
just  a  convenient  way  to  cut  corners  and  avoid 
challenges. 

How  can  you  be  sure  you’ll  get  only  the  right 
kind  of  sabotage?  You  can’t.  Remember,  sabo¬ 
tage  is  unmentionable.  You  can’t  clearly  explain 
what  kind  is  OK  and  what’s  not.  And  you  can’t 
officially  support  it,  because  by  definition  sabo¬ 
tage  is  against  the  rules. 

So  you’ll  have  to  depend  on  nudges  and  hints 
and  the  good  judgment  of  your  staff.  You’ll  also 
need  to  watch  out  for  cases  of  the  wrong  kind 
of  sabotage,  to  stop  them  quickly  and  publicly. 

If  you  can’t  explain,  at  least  you 
want  to  offer  lots  of  examples. 

Does  all  this  subtlety  and  ambi¬ 
guity  make  you  uncomfortable? 
Good  —  it  should.  You  really 
shouldn’t  need  sabotage  to  serve 
users  and  your  business.  That  dis¬ 
comfort  should  motivate  you  to 
keep  chopping  away  at  the  things 
that  make  sabotage  necessary  — 
the  foolish  rules,  the  politically 
motivated  projects,  the  really  awful 
decisions. 

Because  until  you  can  get  rid  of 
them,  you’re  stuck  with  sabotage.  I 


Frank  Hayes.  Computer- 
world's  senior  news  colum¬ 
nist.  has  covered  IT  for  more 
than  20  years.  Contact  him  at 


You  Get  What  You  Measure 

Network  techs  at  this  manufacturer  are  surprised 
when  they  get  a  poor  evaluation  -  the  networks  are 
running  fine  with  few  user  complaints.  “That’s  the 
problem,"  says  IT  pilot  fish.  “Their  metric  is  how  many 
trouble  iickets  they  resolve  and  how  quickly."  So  techs 
take  to  randomly  unplugging  a  hub,  waiting  for  trouble 
tickets  to  come  in,  then  restarting  the  hub.  Reports 
fish,  “They  were  rated  ‘excellent’  on  their  next  review.” 
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Shocking 

“My  screen  is 
electrifying  the 
table  and  shock 
ing  me,”  user 
tells  support  pilot  fish. 
‘Touch  the  keyboard, 
and  you'll  see.”  Fish 
does,  and  feels  a  small 
vibration.  “That  isn’t  vi¬ 
bration,  that’s  electric 
current,”  user  insists.  T 
know  what  an  electric 
current  feels  like.”  Look¬ 
ing  around,  fish  spots  a 
rarely  used  IBM  Selec- 
tric  typewriter  at  the 
other  end  of  the  wooden 
table.  She  turns  it  off  - 
and  when  the  vibration 
stops,  user  asks,  “Do 
you  think  it  was  the 
typewriter  that  was 
shocking  me?” 


Penny-Wise 

When  an  error  brings 
down  this  company's 
Web  site  shopping-cart 
engine  on  a  Friday  after¬ 
noon,  pilot  fish  can’t  re¬ 
store  the  corrupted  file 
before  tracking  down  the 
boss,  who  has  already 
left.  Is  the  entire  site 
down?  irritated  boss 
asks  once  he’s  finally  lo¬ 
cated.  “We're  not  spend¬ 
ing  money  on  overtime 
to  restore  one  @#$%! 
file!”  Sighs  fish,  “We  got 
the  file  restored  at  the 
end  of  the  day  Monday. 
Based  on  the  Web  ac¬ 
cess  logs,  at  least 
$17,200  wasn’t  spent 
with  us  over  the  week¬ 


end  because  of 
the  outage.” 


it  Gains 
Something 
in  Translation 

Boss’s  fast  new  CD 
burner  needs  the  right 
media,  so  tech  pilot  fish 
asks  the  office  secretary 
to  order  some  record¬ 
able  CDs  rated  at  40X. 
“Imagine  my  surprise 
later  in  the  day,”  fish 
groans,  “to  hear  the  wa¬ 
ter-cooler  discussion 
about  my  trying  to  ac¬ 
quire  40  X-rated  CDs  for 
my  department!” 

Very  Fault- 
Tolerant  Indeed 

Users  are  complaining 
that  this  branch  office’s 
network  connection  is 
too  slow,  so  IT  pilot  fish 
checks  into  the  cost  of  a 
T1  line.  “Thinking  I  can 
reduce  latency  by  stay¬ 
ing  on  the  same  network 
as  the  main  office,  I  call 
the  network  admin 
there,”  says  fish.  Who 
was  the  provider  you 
used  for  the  second  T1 
line  you  installed  for 
fault  tolerance?  fish 
asks  -  and  is  stunned  to 
learn  that  both  T1  lines 
come  from  the  same  In¬ 
ternet  service  provider 
that’s  currently  “recov¬ 
ering  from”  bankruptcy. 
Sighs  fish,  “The  IT  man¬ 
ager  didn’t  want  to  have 
to  look  at  two  bills  each 
month.” 
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Find  out  when 
Computerworld 
publishes  the 
results  from  our 
17th  Annual 
Salary  Survey  of 
IT  Professionals! 


How  much  are  other  IT  professionals  with  your  experience  and  credentials  earning? 
With  help  from  you  and  your  IT  colleagues  across  the  country,  Computerworld  will 
answer  those  questions  with  results  from  our  17th  Annual  Salary  Survey. 

Please  take  our  survey  now  and  enter  a  drawing  to  win  a  $499  gift  certificate  from 

Amazon.com.  Our  survey  period  closes  on  Thursday,  July  3  at  5:00  p.m. 

Survey  results  and  feature  stories  that  offer  practical  career  advice  will  be  published  in 
the  October  27, 2003,  issue  of  Computerworld.  The  issue  will  offer  detailed  informa¬ 
tion  on  average  salaries  and  bonuses,  by  title,  industry  and  region.  You’ll  be  able  to 
compare  your  organization’s  compensation  plans  with  those  of  other 
organizations  and  find  the  hottest  areas  of  the  country  for  IT  pay. 


To  take  the  survey,  and  qualify  for  the  drawing,  go  to: 

computerworld.com/ss2003 
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affordable 

our  voice 

communications: 

and  data  services 

local,  long  distance, 

to  be  on  one 

and  Internet. 

global  network. 

Together.  From  one  company. 
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MCI 


Introducing  MCI  Advantagef  the  world’s  first  truly  converged  voice  and 
data  service.  It  gives  your  company  local  and  long  distance  calling  with 
Internet  services  on  one  global  IP  network.  Plus  easy  online  account 
management,  voicemail  control  features,  and  pay-as-you-go  flexibility  with 
a  minimal  upfront  investment.  In  other  words,  it's  what  every  CEO  and  CIO 
wants.  To  get  your  MCI  Advantage  now,  call  1  888  886  3844  or  go 
to  www.mci.com/go/proof 


Local  service  not  available  in  all  areas. 


